Thanks much, Warren, for your help! I've tried the first 3
suggestions to no avail. I have posted the HijackThis log
as you requested. Please let me know what I can delete.
Again, thanks for your help:
Logfile of HijackThis v1.97.7
Scan saved at 3:22:51 PM, on 1/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\odClientService.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\System32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\PELMICED.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\3M\PSNotes\psnotes.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WinZip\WINZIP32.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.windowws.cc/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\tendres\Application Data\Mozilla\Profiles\default\v30ew586.slt\prefs.js)
O1 - Hosts: 205.177.124.66 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\tendres\Application Data\msis\msiesh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [MSConfig] \\Protecta\Share\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe"
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RKKOYULHE] C:\WINNT\UUQJNPTW.exe
O4 - Startup: Screen Shot Deluxe 4.0.lnk = C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psnotes.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?38000.4708912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = belllabs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = belllabs.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = belllabs.com
O19 - User stylesheet: C:\WINNT\Web\tips.ini
O19 - User stylesheet: C:\WINNT\hh.htt (HKLM)