# please help....media Pipe



## CricketNY (Feb 26, 2004)

Hi,
My son must of downloaded a program called media pipe....its from www.movieland.com I can't get rid of it..it says I have to pay ot have it taken off of my computer. I am now getting this damn pop-up with a girl talking about how i have to pay. I tired emailing them last night and when i hit send a screen came up asking if i wanted to get rid of it for free and i said yes. Well it didnt work and now i have this pop up that i can't close.
I tried running adware and that didn't help.
PLEASE could someone help before i kill my son who should of known better.
Thanks so much,
Cricket


----------



## D_Trojanator (May 13, 2005)

Hi my name is *David*









*Click here *   to download HJTsetup.exe
Save *HJTsetup.exe* to your desktop.

Double click on the *HJTsetup.exe* icon on your desktop.
By default it will install to *C:\Program Files\Hijack This*.
Continue to click *Next* in the setup dialogue boxes until you get to the "*Select Addition Tasks*" dialogue.
Put a check by *Create a desktop icon * then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch *Hijack This*.
Click on the *"Do a system scan and save a log file"* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "*Edit* > *Select All*" then click on "*Edit * > *Copy*" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.*


----------



## CricketNY (Feb 26, 2004)

HERE IS THE LOG...I HAVE to RUN TO THE STORE, WILL CHECK BACK IN A HALF HOUR...THANK YOU.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:57 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1124394718\ee\AOLHostManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AOL\1124394718\ee\AOLServiceHost.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\AltPayments\AltPayments.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\AOL\1124394718\ee\AOLServiceHost.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124394718\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://cricketny.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://mercury.kare11.com/AxisCamControl.bin
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://www.tierpark-goerlitz.de/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl3.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?326
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3028.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## D_Trojanator (May 13, 2005)

Go to add/remove and uninstall *WeatherBug*, and *P2PNetworking* + *ViewPointManager*

Hi and Welcome to *techguy.com*!









My name is *David*









*Please do both of the following before we start if possible!*:

*1)* Please print off these intructions - they will be needed later when internet access is not available.
*2**)* Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you battling with your computer to keep it running smoothly like so --->







but doing the following things should most certainly help getting it back to how it was ---->








You may even feel this this







in extreme cases!

*It may look like a lot below * - follow the instructions as *carefully* as possible and everything should be *kool*!
________________________________________________

Please download *Ewido Security Suite* (free), and install it.
When installing, under *Additional Options* uncheck both *Install background guard* and *Install scan via context menu*. 
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click *Ok*. 
The program will prompt you to update. Click the *Ok* button. 
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
On the left-hand side of the main screen click the *Update* button. 
Click on *Start*. The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido._* Do NOT run it yet.*_

(If you have problems updating, you can use *this link* to manually update Ewido. 
*Make sure that Ewido is closed when installing the update*.)

*DO NOT RUN IT YET!*

________________________________________________

*CleanUp!*

Download Cleanup from *Here* 

 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click* OK*

*DO NOT RUN IT YET!*

________________________________________________

Download *Pocket Killbox*, unzip it, and save to your Desktop. *Do NOT run it yet*. 
________________________________________________

*Click here* for info on how to boot to safe mode if you don't already know how.

________________________________________________

*Make sure that you can see hidden files (Windows XP*). 

Click "*Start*". 
Click "*My Computer*". 
Select the "*Tools*" menu and click "*Folder Options*". 
Select the "*View*" tab. 
Under the "*Hidden files and folders*" heading, select "*Show hidden files and folders*". 
Uncheck the "*Hide protected operating system files (recommended)*" option. 
Click "*Yes*" to confirm. 
Uncheck the "*Hide file extensions for known file types*". 
Click "*OK*".

________________________________________________

Please run *HijackThis!* again and do another scan. Check the following entries only:

*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint 
Manager\ViewMgr.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124394718\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program 
Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 
C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 
http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

O16 - DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} (UMediaPlayer Class) - 
http://www.umediaserver.net/bin/UMediaControl3.cab *

Please close *all * browsers and open windows except  HJT, then click the *Fix Checked * button. 
Close HJT

________________________________________________

*Restart your computer into safe mode now* Perform the following steps in safe mode:

________________________________________________

Double-click on* Killbox.exe  * to run it. Now put a tick by *Standard File Kill*. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click *Yes*. Continue with that same procedure until you have copied and pasted all of these in the "*Paste Full Path of File to Delete*" box.








Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

*C:\ProgramFiles\p2pnetworks\mpp2pl.exe
C:\Program Files\AltPayments\AltPayments.exe *

Exit the Killbox.

________________________________________________

Manually delete these two folders:

*C:\ProgramFiles\p2pnetworks
C:\Program Files\AltPayments*

*Please close ALL open Windows, Programs and Folders,* and run a full scan with Ewido.
Click on *Scanner * 
Click on *Settings * 
Under *How to scan* all boxes should be checked 
Under *Unwanted Software* all boxes should be checked 
Under *What to scan* select *Scan every file * 
Click on *Ok* 
Click on *Complete System Scan* to start the scan process. 
Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says *Perform action on all infections*, then choose *clean *and click *Ok. *

* Run Cleanup: 
 Click on the "*Cleanup*" button and let it run.
 Once its done, *close the program*.
________________________________________________
*Reboot to normal mode*

________________________________________________

Post new hijackthis log and the ewido log!








David


----------



## D_Trojanator (May 13, 2005)

Also go to add/remove and uninstall MediaPipe if it's therer
DAvid


----------



## CricketNY (Feb 26, 2004)

hi,
I thnik i have it solved..at least in the last 5 minutes there hasnt been that darn pop- up.
I could not find this when i ran hijackthis.....
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint 
Manager\ViewMgr.exe
I was able to go into my computer /program files and then delete the Media pipe folder...wouldnt let me do it before.

I ran hijackthis again and here is the log.....
Logfile of HijackThis v1.99.1
Scan saved at 5:20:47 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Common Files\AOL\1124394718\ee\AOLHostManager.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\AOL\1124394718\ee\AOLServiceHost.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1124394718\ee\AOLServiceHost.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://cricketny.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://mercury.kare11.com/AxisCamControl.bin
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://www.tierpark-goerlitz.de/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?326
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3028.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for all the help you have given me so far  ,
Cricket


----------



## D_Trojanator (May 13, 2005)

Fix these with these like you did beofre:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsol...ArcadeRdxIE.cab
_________________

Clean Log!!








How's everything running? :up: or :down: ?
David


----------



## D_Trojanator (May 13, 2005)

Did you try to uninstall MediaPipe? If not, try!

With IE closed, run Hijack This again. 
Put a checkmark on these entries and hit "fix checked":

*O4 - HKLM\..\Run: [MediaPipe] "C:\Program Files\MediaPipe\MediaPipe.exe" /H

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [MediaPipeTrayIcon] "C:\Program Files\MediaPipe\MPTray.exe" /H

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) *

Download *KillBox* here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
*DO NOT* run it yet.

Boot into *Safe Mode*

Double-click on *Killbox.exe * to run it. 
Now put a tick by Standard File Kill. 
In the "*Full Path of File to Delete"* box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the *X* in the middle after you enter each file. 
It will ask for confimation to delete the file. 
Click *Yes*. 
Continue with that same procedure until you have copied and pasted all of these in the "*Paste Full Path of File to Delete*" box.

*C:\Program Files\MediaPipe\MediaPipe.exe

C:\Program Files\p2pnetworks\mpp2pl.exe

C:\Program Files\MediaPipe\MPTray.exe *
______________________

Manually delete these folders:

*C:\Program Files\p2pnetworks

C:\Program Files\MediaPipe*
_________________________

Reboot to normal mode and post a new HJT log
David


----------



## D_Trojanator (May 13, 2005)

nruhlig - please post your problem and log in the security forum in a new thread!
David


----------



## D_Trojanator (May 13, 2005)

Hi *TkHesson* 

I have asked for this to be moved to its own thread to make it less confusing!

David


----------



## shannonlogic (Oct 26, 2005)

Can Anyone Help Me Out With This Dang Media Pipe Bull-sh*t???? I Have Been Readin All Of This And Need The Same Assistance.... How Do I Get This D_trojanator Directly? Please Help... Or Reply So I Can At Least Get On The Right Track... Thanx


----------



## D_Trojanator (May 13, 2005)

Hi Shannon - You are being helped here at the moment:

http://forums.techguy.org/t411339.html

Please carry on there.

David


----------



## D_Trojanator (May 13, 2005)

Hi *jhannansr* 

I have asked for this to be moved to its own thread to make it less confusing!

David :up:


----------



## c.stewart (Oct 31, 2005)

sorry im carl im having the same kinda problem wondering if u could have a look through here i think im missing a file 
really greatfull

Logfile of HijackThis v1.99.1
Scan saved at 21:32:40, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\zangoclient\zanu.exe
C:\WINDOWS\system32\msupdate.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\Program Files\Ahead\nero\nero.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\zangoclient\zanuhook.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\PROGRA~1\Accoona\atoolbar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [msie] msie.exe
O4 - HKLM\..\Run: [zanu] c:\program files\zangoclient\zanu.exe
O4 - HKLM\..\Run: [msupdate] msupdate.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\RunServices: [msie] msie.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: office.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


----------



## Titans (Oct 20, 2005)

hi everyone again ill run the hijacthis again and can u guys tell me what to delete, and also my internet on myspace.com is slower than usual so ill post it here very quickly.


----------



## Titans (Oct 20, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 7:08:48 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascarsimracing.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {797FA1DD-30E7-4093-A892-E8C2A556A583} (CFM2005TurboDMCrs.UserControl1) - http://www.racelm.com/rlm/cfmturbo/cfm2005turboDMCrs.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak02.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.en-US.9.1.6.20.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CC1E9F72-AFBE-4C67-B6E1-AB992035E562} (CFM2005TurboDMCrsnorun.UserControl1) - http://www.racelm.com/rlm/cfmturbo/cfm2005turboDMCrsnorun.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Jag11 (May 30, 2005)

To *c.stewart* and *Titans*,

It would be hard for D_Trojanator and the others to help all of you in one thread, it will be confusing.

Go here:

http://forums.techguy.org/forumdisplay.php?f=54

and click on the button that states: "*New Thread*"


----------



## djh1 (Nov 2, 2005)

I'm having the same problem. Could you look at my log?

Logfile of HijackThis v1.99.1
Scan saved at 12:03:32 AM, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire 4.2.2\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/news?ned=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095733936540
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123701022031
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


----------



## Jag11 (May 30, 2005)

hi djh1,

welcome to tsg. please go here:

http://forums.techguy.org/forumdisplay.php?f=54

and create a new thread for your problem. Just click the "New Thread" button, and you're done. Just don't post your problems on other people's thread, that will confuse the one who helps the owner of the thread.


----------



## littlejesse (Nov 2, 2005)

I have this movieland.com popup on my computer and I don't know where it came from. It's this woman talking saying that I owe them money but my husband and I are the only ones with access to the computer and we certainly didn't download this. How do I remove it or contact them to tell them that I owe them nothing? I'm helpless here.

Thanks,
Jessica


----------



## destructor (Nov 2, 2005)

hello my name is destructor. Yeah I got the same problem with media pipe. here is my log...
Logfile of HijackThis v1.99.1
Scan saved at 1:25:13 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\AltPayments\AltPayments.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130108041328
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)

please help me.


----------



## Daneen (Nov 4, 2005)

I have the same problem... here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 7:17:46 PM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\aim\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbSrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/redirect.html?redirectID=99104
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [hmpnmvyf] C:\WINDOWS\System32\rancygoc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126826434765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126826425671
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Scorpion15 (Nov 4, 2005)

I have the same problem as well...Here's my log...PLEASE HELP ME!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:35:53 PM, on 03/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\winupd32.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\windows\system32\bxaopp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\calc.exe
C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Aqryr\Zvlix.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MediaPipe\MPTray.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\MediaPipe\DownloadManager.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.sympatico.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: (no name) - {25F23C66-9D97-B26E-80C8-860A730EF492} - (no file)
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58A86F29-8779-3C82-8725-12550CF37B4B} - (no file)
O2 - BHO: (no name) - {59AE6C2C-8C75-43F5-8723-665504802A3B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {E5D82791-814A-86B7-2452-E65B562F6197} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Windows Automatic Updating System] winupd32.exe
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [bxaopp] c:\windows\system32\bxaopp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Rpheizfm] C:\Program Files\Aqryr\Zvlix.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MediaPipe] "C:\Program Files\MediaPipe\MediaPipe.exe" /H
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MediaPipeTrayIcon] "C:\Program Files\MediaPipe\MPTray.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\RunServices: [Windows Automatic Updating System] winupd32.exe
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [blah service] Windows.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52....com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097092031774
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128127149154
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0558104A-F074-4225-A8BE-5787ACCCF516}: NameServer = 206.47.244.53 206.47.244.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


----------



## littlejesse (Nov 2, 2005)

I wrote before about the movieland problem. Here's my log:
Please help!?!

Logfile of HijackThis v1.99.1
Scan saved at 6:32:27 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\PROGRA~1\MYWEBS~2\bar\2.bin\mwsoemon.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\AOL\1112442617\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1112442617\ee\AOLServiceHost.exe
c:\program files\common files\aol\1112442617\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1112442617\ee\AOLServiceHost.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {CF490793-3A68-4931-9C10-A29A856D36F3} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {117BC1E7-6947-5FE4-0D41-5C2EC283E0FD} - C:\WINDOWS\system32\xurpzm.dll (file missing)
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: (no name) - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - (no file)
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsv6DB.dll
O2 - BHO: (no name) - {88AC9CA9-3554-5FAF-1664-5B9E198979F5} - C:\WINDOWS\system32\xhh.dll (file missing)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasztoy.dll
O2 - BHO: (no name) - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - (no file)
O2 - BHO: (no name) - {A9A08296-733E-429D-25F0-47EF4ED004A0} - C:\WINDOWS\system32\ocddelqa.dll (file missing)
O2 - BHO: (no name) - {BD81ACA9-1867-6A9B-3B54-6BB329B954C5} - C:\WINDOWS\system32\xhh.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FA9A9B16-27AE-5F59-8E61-79C5480E45B5} - C:\WINDOWS\system32\tfi.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4B64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112442617\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\JESSIC~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [vhfapgs] C:\WINDOWS\vhfapgs.exe
O4 - HKLM\..\Run: [kghblix] C:\WINDOWS\kghblix.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [BASSCuB] C:\WINDOWS\sxfcukb.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0AB5CBCF-6984-4122-BCF7-BE33BF5B1CF1} - http://www.topmoxie.com/external/builds/upromise/upro1050.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://mrsupergames.aavalue.com/toolbars/msg/msg-toolbar.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## General.Tso (Nov 7, 2005)

Hello, Im Aaron, and for a few days i have had this as well...media pipe...and the chick who wants my money..i have downloaded hijackthis....and heres my log

Logfile of HijackThis v1.99.1
Scan saved at 8:54:46 PM, on 11/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

If you can help it would be much appreciated...
Thanks


----------



## cfarina (Nov 7, 2005)

Dave I am having the same problem as Cricket and I am sending you a copy of the log. Can you help me. If so, I would be glad to make a contribution for your services.

Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:58 AM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MCIEPlugIn Class - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


----------



## blondeau9 (Nov 8, 2005)

hi my name is lisa, i have a problem with movieland, i have downloaded highjack this and here is my log
Logfile of HijackThis v1.99.1
Scan saved at 7:58:23 AM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYCA_ZNxdm795YYCA
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.3.2.25/canasta/canasta-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.1.5.21/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.5.28/poppit2/poppit2-ob-assets.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110156343140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


----------



## themensaguy (Nov 9, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 11:18:33 AM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124332566\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124332566\ee\AOLServiceHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MediaPipe\AltPayments.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124332566\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wm.edu/it/mynotebook
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wm.edu/it/mynotebook
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124332566\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MediaPipe] "C:\Program Files\MediaPipe\MediaPipe.exe" /H
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MediaPipeTrayIcon] "C:\Program Files\MediaPipe\MPTray.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ibm.com
O15 - Trusted Zone: *.wm.edu
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112048258975
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe


----------



## blondeau9 (Nov 8, 2005)

i'm not sure how to use this program. i am having a problem with movieland. thie woman talking and asking for money is getting to the point that i don't want to turn on my computer, because it pops up every time i do. i have sent my log and did everything i was told to do but this program keeps coming up. please let me know how to get rid of it once and for all.
thank you 
lisa blondeau


----------



## cfarina (Nov 7, 2005)

Lisa:

Run the program and look for any registers that say MediaPipe or Alt Payment, like the example listed below. Check the box next to them and then click "FIX". Your problem will definitely go away.

O4 - HKLM\..\Run: [MediaPipe] "C:\Program Files\MediaPipe\MediaPipe.exe" /H
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MediaPipeTrayIcon] "C:\Program Files\MediaPipe\MPTray.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"


----------



## odusunited (Nov 11, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 9:34:00 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\AltPayments\AltPayments.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/id/8874568/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKLM\..\Run: [NAMEDPIPE SYSTEM] \namedpipe.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [NAMEDPIPE SYSTEM] \namedpipe.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Startup: E-mail.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


----------



## edge147 (Nov 12, 2005)

Hey your amazing

I don't understand much about spyware or any threats for that matter.I tried symantec to remove it but no end.I even had to pay the 20.00 one time fee thanks to someone and they said they would remove it.Nope, the payment notice is still on my screen.Anyway I saw what one person did so I followeed the same advice.Logfile of HijackThis v1.99.1
Scan saved at 9:24:28 PM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.mdg.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mdg.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.mdg.ca
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128654726312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128654707406
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thank you, i hope you can help?


----------



## EAFiedler (Apr 25, 2000)

Closing this thread.

Anyone else with the same problem please start a *New Thread*.

Thank You.


----------

