hjt log advice needed

03-24-2005

Logfile of HijackThis v1.99.1
Scan saved at 3:40:47 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1
for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\hp\KBD\kbd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"
/server
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1111117462171
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data
Transfer Control) - http://racing.youbet.com/wr_4_0/controls/ybrequest.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) -
http://racing.youbet.com/controls/YBUICtrl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanx

--
He released government from the restraint of law.
____Lord Acton on Niccolo Machiavelli (1469-1527), George W. Bush, and the
Straussian neocons

Ellis_Jay

03-24-2005

"ellis_jay" <> wrote in message
news:LfudncZySMgqq97fRVn-...
> Logfile of HijackThis v1.99.1
> Scan saved at 3:40:47 PM, on 3/24/2005
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> C:\Program Files\Alwil Software\Avast4\ashServ.exe
> C:\windows\system\hpsysdrv.exe
> C:\hp\KBD\kbd.exe
> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
> C:\WINDOWS\System32\svchost.exe
> c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1
> for hijackthis[1].zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://srch-us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://srch-us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://srch-us7.hpwis.com/
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.comcast.net/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://srch-us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://srch-us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://srch-us7.hpwis.com/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.comcast.net/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
> Microsoft
> Internet Explorer provided by Comcast
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyOverride = localhost
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
> C:\HP\EXPLOREBAR\HPTOOLKT.DLL
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
> O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
> O4 - HKLM\..\Run: [KBD] C:\hp\KBD\kbd.exe
> O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
> O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
> Labs\ZoneAlarm\zlclient.exe"
> O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
> Studios\WinPatrol\winpatrol.exe
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"
> /server
> O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program
> Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\jre1.5.0_01\bin\jusched.exe
> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O4 - Global Startup: SpySubtract.lnk = C:\Program
> Files\InterMute\SpySubtract\SpySub.exe
> O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
> http://www.comcast.net/ (file missing)
> O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
> http://www.comcastsupport.com/ (file missing)
> O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
> http://online.comcast.net/help/ (file missing)
> O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
> C:\Program
> Files\AIM95\aim.exe
> O9 - Extra button: Yahoo! Messenger -
> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\MSMSGS.EXE
> O9 - Extra 'Tools' menuitem: Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\MSMSGS.EXE
> O12 - Plugin for .bcf: C:\Program Files\Internet
> Explorer\Plugins\NPBelv32.dll
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O16 - DPF: ppctlcab -
> http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
> O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
> http://housecall-beta.trendmicro.com...ll/xscan60.cab
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> scanner) -
> http://security.symantec.com/sscv6/S...in/AvSniff.cab
> O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
> (PPSDKActiveXScanner.MainScreen) -
> http://ppupdates.ca.com/downloads/scanner/axscanner.cab
> O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
> http://www.xblock.com/download/xclean_micro.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
> http://v5.windowsupdate.microsoft.co...?1111117462171
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> Class) -
> http://security.symantec.com/sscv6/S.../bin/cabsa.cab
> O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data
> Transfer Control) - http://racing.youbet.com/wr_4_0/controls/ybrequest.cab
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
> http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
> Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
> Scanner) -
> http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
> O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
> http://us.dl1.yimg.com/download.yaho...tocomplete.cab
> O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) -
> http://racing.youbet.com/controls/YBUICtrl.cab
> O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
> Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
> O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashServ.exe
> O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
> Files\Alwil
> Software\Avast4\ashMaiSv.exe" /service (file missing)
> O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashWebSv.exe" /service (file missing)
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
>
> thanx
>
> --
> He released government from the restraint of law.
> ____Lord Acton on Niccolo Machiavelli (1469-1527), George W. Bush, and the
> Straussian neocons
>
> Ellis_Jay
>
>
Try pasting to http://www.hijackthis.de/

03-24-2005

http://hijackthis.de/en

"ellis_jay" <> wrote in message
news:LfudncZySMgqq97fRVn-...
> Logfile of HijackThis v1.99.1
> Scan saved at 3:40:47 PM, on 3/24/2005
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
<snip>

03-24-2005

We can see from line one Running processes_C:\WINDOWS\System32\smss.exe
that you are a distgusting pervert.
I must point your attention to smss.exe, which as everyone knows is a "sado
masocistis sex servent", with EXTRA.
I suggest politions should stick to their own sick perverted rooms, and
leave the commoners alone.
I do not wish to go into detail of what winlogon.exe means, but is it
windows icons nonces logon.extreme.
I dont wont to know how my car works but I do.
I dont want to know about why the Americans are fighting over Oil, but I do.
I want to know why cars are not running on hydrogen & oxygen, but I do.
And most of all, I dont wont to know about your **** problems that make your
computer not work!.

Sad. what a waste of Intelligence?.

"ellis_jay" <> wrote in message
news:LfudncZySMgqq97fRVn-...
> Logfile of HijackThis v1.99.1
> Scan saved at 3:40:47 PM, on 3/24/2005
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> C:\Program Files\Alwil Software\Avast4\ashServ.exe
> C:\windows\system\hpsysdrv.exe
> C:\hp\KBD\kbd.exe
> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
> C:\WINDOWS\System32\svchost.exe
> c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1
> for hijackthis[1].zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://srch-us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://srch-us7.hpwis.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://srch-us7.hpwis.com/
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.comcast.net/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
> http://srch-us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://srch-us7.hpwis.com/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://srch-us7.hpwis.com/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.comcast.net/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
> Microsoft
> Internet Explorer provided by Comcast
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyOverride = localhost
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
> C:\HP\EXPLOREBAR\HPTOOLKT.DLL
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
> O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
> O4 - HKLM\..\Run: [KBD] C:\hp\KBD\kbd.exe
> O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
> O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
> Labs\ZoneAlarm\zlclient.exe"
> O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
> Studios\WinPatrol\winpatrol.exe
> O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
> Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"
> /server
> O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program
> Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\jre1.5.0_01\bin\jusched.exe
> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O4 - Global Startup: SpySubtract.lnk = C:\Program
> Files\InterMute\SpySubtract\SpySub.exe
> O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
> http://www.comcast.net/ (file missing)
> O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
> http://www.comcastsupport.com/ (file missing)
> O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
> http://online.comcast.net/help/ (file missing)
> O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
> C:\Program
> Files\AIM95\aim.exe
> O9 - Extra button: Yahoo! Messenger -
> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\MSMSGS.EXE
> O9 - Extra 'Tools' menuitem: Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\MSMSGS.EXE
> O12 - Plugin for .bcf: C:\Program Files\Internet
> Explorer\Plugins\NPBelv32.dll
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O16 - DPF: ppctlcab -
> http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
> O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
> http://housecall-beta.trendmicro.com...ll/xscan60.cab
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
> scanner) -
> http://security.symantec.com/sscv6/S...in/AvSniff.cab
> O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
> (PPSDKActiveXScanner.MainScreen) -
> http://ppupdates.ca.com/downloads/scanner/axscanner.cab
> O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
> http://www.xblock.com/download/xclean_micro.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
> http://v5.windowsupdate.microsoft.co...?1111117462171
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
> Class) -
> http://security.symantec.com/sscv6/S.../bin/cabsa.cab
> O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data
> Transfer Control) - http://racing.youbet.com/wr_4_0/controls/ybrequest.cab
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
> http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
> Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
> O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
> Scanner) -
> http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
> O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
> http://us.dl1.yimg.com/download.yaho...tocomplete.cab
> O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) -
> http://racing.youbet.com/controls/YBUICtrl.cab
> O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
> Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
> O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
> O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashServ.exe
> O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
> Files\Alwil
> Software\Avast4\ashMaiSv.exe" /service (file missing)
> O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
> Software\Avast4\ashWebSv.exe" /service (file missing)
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
> C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
>
> thanx
>
> --
> He released government from the restraint of law.
> ____Lord Acton on Niccolo Machiavelli (1469-1527), George W. Bush, and the
> Straussian neocons
>
> Ellis_Jay
>
>

03-25-2005

I don't see anything wrong with it except that you have a lot of HP crap
loading and running. What problems are you having?

--

The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com

"ellis_jay" <> wrote in message
news:LfudncZySMgqq97fRVn-...
> Logfile of HijackThis v1.99.1
> Scan saved at 3:40:47 PM, on 3/24/2005
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Anouther HJT Log	Cooter	Computer Support	4	11-19-2005 10:03 PM
HJT Log	ssyed01@sympatico.ca	Computer Support	8	07-02-2005 01:45 PM
wareout.exe (need help with HJT log)	Dimitri	Computer Support	9	03-02-2005 09:44 PM
HJT Log File	Stickywax	Computer Support	2	12-31-2004 12:29 AM
HJT Log - was Uninstall Google Toobar	Michael Payne	Computer Support	1	10-03-2004 04:33 AM