Thanks in advance for any assistance I will be given. I have WindowsXP, and I acquired some nasty malware on my computer when I unwisely downloaded some untrustworthy software (which has since been removed). I ran he Cleanup!, as well as Ad-aware SE, Spybot S&D, and Symantec Antivirus, but I still can't get rid of them.
I will be attaching my HijackThis log momentarily...
Logfile of HijackThis v1.99.1
Scan saved at 11:36:50 AM, on 7/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\system32\pabjlr.exe
C:\WINDOWS\system\nsfglo.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\rdoiop.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiles\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiles\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVDSolution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HPShare-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekex32.exe
O4 - HKLM\..\Run: [53nR33S] recpxmib.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pabjlr.exe reg_run
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [K045RTeEi] rdoiop.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKCU\..\Run: [fuok] C:\PROGRA~1\COMMON~1\fuok\fuokm.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self SupportTool\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\ProgramFiles\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\ProgramFiles\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\ProgramFiles\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\ProgramFiles\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ProgramFiles\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://v5.windowsupdate.microsoft.com/v5co...eb_site.cab?1115751496972
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -http://www.pacimedia.com/install/pcs_0029.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{998C0AC3-8EBF-4F00-AF2F-81356854B78B}: NameServer =151.164.14.201 151.164.1.8
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\ProgramFiles\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\ProgramFiles\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\ProgramFiles\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation -C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\SymantecAntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SymantecAntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Edited by ~Kat~, 23 July 2005 - 10:55 AM.