HELP! Pop ups killing me and allaboutsearching STILL hijacking

DennisL · Jun 10, 2004

Logfile of HijackThis v1.97.7
Scan saved at 3:52:45 PM, on 6/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cusrvc.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\NMSSvc.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NWTRAY.EXE
C:\PROGRA~1\4TRAY~1\software active store.exe
C:\Program Files\Aim95\aim.exe
C:\Program Files\Bitsum Technologies\Anti-Windows Messenger\AntiMsMsg.exe
C:\Novell\GroupWise\Notify.exe
C:\Winnt\Printkey.exe
C:\WINNT\Profiles\dlee\Desktop\BHODemon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Novell\GroupWise\GrpWise.exe
C:\WINNT\Profiles\dlee\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Parkland Hospital
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pmhproxy.pmh.org:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINNT\system32\regsvrac32.dll (disabled by BHODemon)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Ace ante] C:\PROGRA~1\4TRAY~1\software active store.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AntiWindowsMessenger] C:\Program Files\Bitsum Technologies\Anti-Windows Messenger\AntiMsMsg.exe
O4 - HKCU\..\RunOnce: [v55wv.exe] C:\WINNT\System32\v55wv.exe
O4 - Global Startup: Shortcut to Notify.exe.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Shortcut to Printkey.exe.lnk = ?
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDOCBOX.DLL
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {8C28EFD7-767B-11D1-8400-000000000000} - https://consulta2355/components/Brio.Insight.en.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fvgen1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3B68056-8629-4E1F-A92E-B1D2CFF03B3A} (IEPrinter Class) - http://pmh-interqual/rm/iqm/html/RMUtilsIE.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6CA85E-00C2-4D5F-B979-E4007BF53C51}: Domain = PMH.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6CA85E-00C2-4D5F-B979-E4007BF53C51}: NameServer = 198.215.78.166,172.18.0.120

nickson2 · Jun 11, 2004

Welcome to Geeks, have you tried running Spybot and Ad-aware?

Log in or Sign up

HELP! Pop ups killing me and allaboutsearching STILL hijacking

DennisL Private E-2

nickson2 Master Sergeant

Log in or Sign up

HELP! Pop ups killing me and allaboutsearching STILL hijacking

DennisL Private E-2

nickson2 Master Sergeant

Useful Searches