I can safely delete from this HijackThis log. I tried a few forums but they seem to be unavailable. My computer has had tons of spyware and viruses (since the kids snuck on).

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:36:44 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP9731\Program\Updates from HP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis_v2.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O1 – Hosts: 202.67.220.239 win.mail.ru
O2 – BHO: (no name) – {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} – (no file)
O2 – BHO: (no name) – {00000012-890e-4aac-afd9-eff6954a34dd} – (no file)
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: (no name) – {029e02f0-a0e5-4b19-b958-7bf2db29fb13} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {06dfedaa-6196-11d5-bfc8-00508b4a487d} – (no file)
O2 – BHO: (no name) – {12F02779-6D88-4958-8AD3-83C12D86ADC7} – (no file)
O2 – BHO: (no name) – {1adbcce8-cf84-441e-9b38-afc7a19c06a4} – (no file)
O2 – BHO: (no name) – {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} – (no file)
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 – BHO: (no name) – {4c8c03f4-1dd2-11b2-a384-b58436937e0f} – C:\WINDOWS\pcvgfidw.dll
O2 – BHO: (no name) – {51641ef3-8a7a-4d84-8659-b0911e947cc8} – (no file)
O2 – BHO: (no name) – {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} – (no file)
O2 – BHO: (no name) – {54645654-2225-4455-44A1-9F4543D34546} – (no file)
O2 – BHO: (no name) – {669695bc-a811-4a9d-8cdf-ba8c795f261e} – (no file)
O2 – BHO: (no name) – {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} – (no file)
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 – BHO: (no name) – {79D0393B-5F37-45A1-962A-32E4D4FEC707} – C:\WINDOWS\system32\borlndm.dll
O2 – BHO: (no name) – {8746E46A-7415-4223-A709-BEDA260B7DED} – C:\WINDOWS\system32\vtstq.dll
O2 – BHO: (no name) – {944864a5-3916-46e2-96a9-a2e84f3f1208} – (no file)
O2 – BHO: (no name) – {a4a435cf-3583-11d4-91bd-0048546a1450} – (no file)
O2 – BHO: (no name) – {ACF92699-B3B6-4126-AE02-FAAA922FF90E} – C:\Program Files\Windows Media Player\safepC:\DOCUME~1\HP_Owner\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 – BHO: (no name) – {B07BE832-8D3F-4B9C-8EEA-3E8AD646BCC7} – (no file)
O2 – BHO: (no name) – {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} – (no file)
O2 – BHO: (no name) – {bb936323-19fa-4521-ba29-eca6a121bc78} – (no file)
O2 – BHO: (no name) – {c2680e10-1655-4a0e-87f8-4259325a84b7} – (no file)
O2 – BHO: (no name) – {c4ca6559-2cf1-48b6-96b2-8340a06fd129} – (no file)
O2 – BHO: (no name) – {c5af2622-8c75-4dfb-9693-23ab7686a456} – (no file)
O2 – BHO: (no name) – {C7EB2A3D-AD12-4A63-A65E-692C6C518C00} – C:\WINDOWS\repair\gvauala.dll (file missing)
O2 – BHO: (no name) – {ca1d1b05-9c66-11d5-a009-000103c1e50b} – (no file)
O2 – BHO: (no name) – {d8efadf1-9009-11d6-8c73-608c5dc19089} – (no file)
O2 – BHO: (no name) – {E08DE81E-7E47-4777-84C5-C45DA13BCF91} – C:\WINDOWS\system32\qommlij.dll
O2 – BHO: (no name) – {e9147a0a-a866-4214-b47c-da821891240f} – (no file)
O2 – BHO: (no name) – {e9306072-417e-43e3-81d5-369490beef7c} – (no file)
O3 – Toolbar: HP view – {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} – c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 – HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 – HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 – HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [VTTimer] VTTimer.exe
O4 – HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 – HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 – HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 – HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\printray.exe
O4 – HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 – HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 – HKLM\..\Run: [ubermdkj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubermdkj.dll"
O4 – HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: .protected
O4 – Global Startup: .protected
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP9731\Program\Updates from HP.exe
O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 – Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 – Trusted IP range: http://202.67.220.225
O15 – Trusted IP range: http://59.148.220.121
O15 – Trusted IP range: http://62.4.84.53
O15 – Trusted IP range: http://82.98.235.58
O15 – Trusted IP range: http://85.12.25.90
O16 – DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} – http://profile.homescanonline.com/hso/binary/NetMeter_preinstaller_activex_en_4.70.28.0_HOMESCAN.cab
O16 – DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} –
O16 – DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) – http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 – DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) – http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 – DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) – http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 – DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) – http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 – DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games – Installer) – http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 – DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) – http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 – DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) – http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 – DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) – http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 – DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) – http://zone.msn.com/bingame/popcaploader_v10.cab
O16 – DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) – http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
O20 – Winlogon Notify: qommlij – C:\WINDOWS\SYSTEM32\qommlij.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\Intel 32\IDriverT.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe


End of file – 13132 bytes
