Logfile of HijackThis v1.98.2
Scan saved at 10:36:57 AM, on 12/14/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\xl.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\System32\gtxlvdkb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {88ED9C90-793B-BA47-E0F4-D5D238A5DD4B} - C:\WINNT\Ejveofoo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: Search - {0B4E2416-817B-7DD9-8622-99880D2E0A5E} - C:\WINNT\Ejveofoo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [zszywrizseb] C:\WINNT\System32\gtxlvdkb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [coss_bms_olife] C:\WINNT\System32\coss_bms_olife.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSxdm126
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\lsp.dll' missing
O15 - Trusted Zone: http://www.gliconline.com
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot4_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.game...nts/y/ft3_x.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thoug.../install011.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Advanced) - https://w3.gliconlin...cripts/smsx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline...ianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline...monControls.CAB
O16 - DPF: {465FAD36-B01B-40B7-836C-FA4B5AC6684E} (Install Class) - file://D:\DL_Installer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://apexlogin.ag...indows-i586.cab
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline...ppLauncher2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline...L_VbRuntime.CAB
O16 - DPF: {ADFA388B-1546-11D4-9D1E-00C04F59F6E9} (Project1.UserControl1) - https://w3.gliconlin...ctiveXdummy.CAB
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos....plorer1_9us.cab
O16 - DPF: {F15AA72F-AABF-11D4-98D4-00B0D076D242} (PTH_ClientControl.DI) - https://w3.gliconlin...ipts/PTHtab.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4797B80E-327A-46BF-899E-A9DB66689B02}: NameServer = 206.13.29.12,4.2.2.2
Please help. Thank you