[ihateviruses]

I've run adaware, search and destory, and even the cw shredder, but the files they remove won't stop the ads. I'm new to hijack this, so if I screwed something up, I apologize. Following is the report:

Logfile of HijackThis v1.99.1
Scan saved at 1:33:52 AM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\NALNTSRV.EXE
C:\Windows\System32\niSvcLoc.exe
C:\OfficeScn\ntrtscan.exe
C:\Windows\System32\MsPMSPSv.exe
C:\Windows\system32\nipalsm.exe
C:\Windows\system32\nipalsm.exe
c:\OfficeScn\ofcdog.exe
C:\Windows\system32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Windows\System32\dpmw32.exe
C:\Windows\system32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\OfficeScn\pccntmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc82357.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc488.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe
C:\OfficeScn\tmlisten.exe
C:\OfficeScn\pccntupd.exe
C:\Windows\system32\ntvdm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\windows\system32\sicnaub.exe
C:\windows\system32\calc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\GOODGERM\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com...PT/0409/bF7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NDPS] C:\Windows\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\OfficeScn\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteukk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095169501952
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\Windows\System32\cusrvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Windows\System32\NALNTSRV.EXE
O23 - Service: nidevldu - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\Windows\System32\niSvcLoc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScn\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScn\tmlisten.exe

[Advertisements]

before anyone spends time trying to help me, just want to say that i fixed the problem. I started up in safe mode, and ran all of the programs again, as well as deleted some highly suspicious files, etc. Thanks for looking and trying to help!

[ihateviruses]

before anyone spends time trying to help me, just want to say that i fixed the problem. I started up in safe mode, and ran all of the programs again, as well as deleted some highly suspicious files, etc. Thanks for looking and trying to help!

[Michelle]

Want me to doublecheck?

Just post your new HijackThis log and I'll take a peek

Michelle

[edit] As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 26 April 2005 - 06:45 PM.