I ran Adaware .
I ran spybot.
I tried Panda AV .
I am running AVG7.5 right now .
This stuff keeps going on . Help please .
This is my latest hijack this log .
Logfile of HijackThis v1.99.1
Scan saved at 3:52:00 PM, on 10/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\LxrJD31s.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program
Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\system32\ICROSO~1\javaw.exe
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go
ogleToolbarNotifier.exe
C:\WINNT\W?nSxS\i?xplore.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My
Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://ar15.com/forums/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -
{3A369038-28D5-5A07-D6AA-73B5E8C0DDB9} -
C:\WINNT\system32\jrtbm.dll
R3 - URLSearchHook: (no name) -
_{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: HelperObject Class -
{00C6482D-C502-44C8-8409-FCE54AD9C208} -
C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{3A369038-28D5-5A07-D6AA-73B5E8C0DDB9} -
C:\WINNT\system32\jrtbm.dll
O2 - BHO: (no name) -
{51E02A43-AAD4-C7FE-63C2-07E2F8A4AF29} -
C:\WINNT\system32\bxjnvvc.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt -
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -
C:\Program Files\TechSmith\SnagIt
6\SnagItIEAddin.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [CPortPatch]
C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program
Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program
Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program
Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck]
C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CamMonitor] C:\Program
Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinLibUpdate] libupdate.exe
O4 - HKLM\..\Run:
[Ezthemes_WhenUSaveNow_Installer] C:\Program
Files\Ezthemes_WhenUSaveNow_Installer\Ezthemes_Whe
nUSaveNow_Installer.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program
Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aaaa]
"C:\WINNT\system32\ICROSO~1\javaw.exe" -vt tzt
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ieSpell Options -
res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling -
res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C}
-
http://a1540.g.akama.../20060104/qtins
tall.info.apple.com/snape/us/win/QuickTimeInstalle
r.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.micros...ftupdate/v6/V5C
ontrols/en/x86/client/muweb_site.cab?1141292438886
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoft...scan/as5free/as
inst.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{08B86E2E-E805-4
49D-BEED-4B04EE390178}: NameServer = 209.112.160.2
209.112.130.2
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server
(Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative
Service (dmadmin) - VERITAS Software Corp. -
C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown
owner - C:\WINNT\SYSTEM32\LxrJD31s.exe