anyway, i've read into other posts and have tried to rename the wininet.dll file but windows won't let me since it's currently in use.
the progs i've ran are:
-cleanup!
-lavasoft's adaware
-cwshredder
-spybot s&d
-ewido security suite
-trend housecall
-and lastly hijackthis.
thanks in advance for your help.
here's my log from hijackthis ::
Logfile of HijackThis v1.99.1
Scan saved at 7:01:07 PM, on 7/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLServiceHost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [Uint32] qwe.exe
O4 - HKLM\..\Run: [TorontoMail] ms-its.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [avpmondll] driver32.exe
O4 - HKCU\..\Run: [nmdllw] ERTYDF.exe
O4 - HKCU\..\Run: [Serviceprocess] runload32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://www.content-l...ad/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O19 - User stylesheet: (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
and here is my scan report from ewido ::
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:30:50 PM, 7/10/2005
+ Report-Checksum: D09D27FD
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Options -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Registration -> TrojanDownloader.Wareout : Ignored
:mozilla.10:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.12:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.22:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.35:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.36:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.37:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\2H8V61AJ\index[1].htm -> Not-A-Virus.Exploit.VBS.Phel.a : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\U5WZSJS1\exploit[1].exe -> TrojanDropper.Vidro.p : Ignored
C:\WINNT\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Ignored
C:\WINNT\system32\ccaccess.dll -> Heuristic.Win32.Hijacker1 : Ignored
C:\WINNT\system32\rdsndin.exe -> Spyware.FindSpy : Ignored
::Report End