My wife's friend is from Iraq. My wife and she like to download from the internet, and I think something they downloaded might be the trouble, but I'm not sure.
Logfile of HijackThis v1.99.1
Scan saved at 1:36:02 PM, on 8/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\ossvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\SCHAS.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ieaus.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINNT\system32\USBMonit.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\system32\npmonk.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\mycom\Desktop\Internet Downloads\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [WinPoET] "C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WebSteal] C:\WINNT\system32\WebSteal.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [OKUpdate] "C:\Program Files\OKCodec\Update\OKUpdate.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [nProtectPersonal(BasedCode)] "C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe"
O4 - HKLM\..\Run: [PC-Radar] C:\Program Files\PC-Radar\PC_Radar.exe
O4 - HKLM\..\Run: [PCRPopup] C:\Program Files\PC-Radar\PCRPopup.exe
O4 - HKLM\..\Run: [PC_Radar] C:\Program Files\PC-Radar\PC_Radar.exe Icon
O4 - HKLM\..\Run: [SpyMedic] C:\Program Files\SpyMedic\SpyMedic.exe /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ¿ⓒ¿iE - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O9 - Extra 'Tools' menuitem: &¿ⓒ¿iE - {B430274F-B58A-4f0d-87FA-C520DB4D3D1A} - http://line1152.ojak.com (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.pdbox.co.kr
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg4.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://update.nprote...ebInstallV2.cab
O16 - DPF: {0C90C10C-96D0-43CE-906B-A64201E7A473} (NxPlayer Control) - http://file.popdj.tv...ls/NxPlayer.CAB
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://cmet.yu.ac.kr...StreamNote2.cab
O16 - DPF: {1A99AD04-C72C-484A-9EEE-1B29B1243263} (ADKiller Control) - http://down.ad-kille...ex/ADKiller.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {1E8CC24D-DAB8-4212-B9F8-4D95016A6BA4} - http://www.bestcode....79/icon0079.cab
O16 - DPF: {20AC97A6-EA84-437D-89F4-05EA923ADAD3} (RewardNetwork clxLauncher Class) - http://codebase.clea...er/WScleanx.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://211.63.175.12...down/INIS60.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D394D05-A066-4678-BA38-E85882B09B2E} (Controller Class) - http://www.cosmotan....net/myspeed.cab
O16 - DPF: {316ED558-1FBB-4975-BE33-5C1D294BD0C2} (YBMFonts Control) - http://www.ybmallina...ab/YBMFonts.CAB
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {3CAED5A4-3FF0-4006-87F3-F75FB5A90A74} (iFreeTrans Control) - http://www.fotoris.c...eeTransCtrl.cab
O16 - DPF: {3DA11B9D-C8BF-4ADE-A180-159399C536D9} (BtShellDgb20Com Class) - http://download5.ban...t/BtCxDgb20.cab
O16 - DPF: {3DDB716E-8BA8-43B5-A926-6FB04193FFA0} (Maws_KRail Class) - http://www.barota.co...nFPS_KORAIL.cab
O16 - DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} (XGrid Control) - http://download5.ban.../DaeguXGrid.cab
O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co...ir/IB_OnAir.CAB
O16 - DPF: {50640DA2-6367-400D-9B77-18F6969F1D47} (WebPriKTF Control) - http://www.ktfmember.../WebPri_KTF.cab
O16 - DPF: {5C899971-E9D6-4496-8077-98378408E340} (MPControl Control) - http://mplay.sbs.co....SiMPControl.cab
O16 - DPF: {5EC11B70-4EF8-4822-A4D6-5418C954594E} - http://khants.com/me...on/lovefree.CAB
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandor...e/SVPorsche.cab
O16 - DPF: {6AD54F1E-D241-48B4-ACFF-37BA1B1BF7AD} (SMInstallCom Class) - http://ax.spymedic.c...edicWebInst.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150086510222
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.p.../data/imweb.cab
O16 - DPF: {7BAE772F-FD08-48BB-A96B-63B3A5003C2F} (ezPay Control) - http://www.finger.co...ezpay/ezPay.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {871B98F4-FD46-4562-BF53-ABC4840C4582} (CWFSCtrl Class) - http://download5.ban...TW-sToolkit.cab
O16 - DPF: {9286CE38-DD84-4980-91A3-E0534F37362F} (dcinsidePhoto.Uploader) - http://www.dcinsidep...insidePhoto.CAB
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net...X/MapID_V10.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://pg.banktown....netizen/npv.cab
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://sso.ebs.co.kr...Login/eGEBS.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/MagicLockOCX.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) - http://www.chzero.co...roMapUpdate.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachene...13/kdfense8.cab
O16 - DPF: {A56A1518-A259-4109-98B3-06A30F09AB1B} (JXMailViewer Control) - http://www.ktfmember...mailActiveX.cab
O16 - DPF: {A6961817-0A05-412F-BC05-9D84570E2400} (Icon0091 Control) - http://www.bestcode....91/icon0091.cab
O16 - DPF: {A78856A6-334B-43AF-96F5-58574005910D} (CEinstaller Object) - https://secure200.ip.../Einstaller.cab
O16 - DPF: {A8497454-CB7D-4877-A633-3932BF776A6A} (Webinstall Control) - http://211.214.161.1...58/OneSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {B5BFFF5D-CA0D-4593-AB84-7F8ACB2AC42A} (MAPntCtrl Class) - http://www.barota.co...MAOnFPS_PNT.cab
O16 - DPF: {BAE923B7-8344-485E-B82D-82402F30B019} (DaumImageCtl Class) - http://pimg.hanmail....abs/DaImage.cab
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - http://neis.dge.go.k...taller_full.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C5AA81DF-6853-4923-B6E9-0D29007D79CE} (ChatRef Control) - http://ifamily.kbs.c...own/KBSChat.cab
O16 - DPF: {C5BAFC64-419D-11D4-BE28-0050CE181ABE} (IssacWeb Class) - http://www.billkorea...st/ISSACWeb.cab
O16 - DPF: {CEB5C2A3-180A-4121-BDAC-B9B92859D652} (MaPrtRail Class) - http://www.barota.co...rtChk_KRAIL.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) -
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.yessign.o...rt/yessign3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...ccard/npkcx.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.co...test/Online.cab
O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprote...bccard/npx2.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprote...egubank/npz.cab
O16 - DPF: {DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF} (Imhtml Control) - http://activexdown.p...data/imhtml.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanma...ctivex/dmcm.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) -
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Open Search Keyword Services (ossvc) - Brainnames - C:\WINNT\system32\ossvc.exe
O23 - Service: RtKit - Ralink Technology Inc. - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Brainnames - C:\WINNT\system32\ieaus.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\iVasion\WinPoET\WrOS.EXE
Edited by BuzzLightYear, 06 August 2006 - 06:57 PM.