ok hijackthis is the only one that works here it is
btw sorry for the long absence, the cable company cut off the net for a bit
_______________________________________
____________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:22 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files\NMSU\VPN Client\cvpnd.exe
E:\WINDOWS\TEMP\NTCA8832.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\DynDNS Updater\DynDNS.exe
E:\WINDOWS\system32\drivers\spools.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\TEMP\winlagon.exe
E:\WINDOWS\TEMP\winlagon.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\PROMon.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Kuma Games\hcsystray\hc_tray.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\WINDOWS\System32\NMSSvc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
E:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\explorer.exe
E:\DOCUME~1\jupiter\LOCALS~1\Temp\~e5d141.tmp
E:\DOCUME~1\jupiter\LOCALS~1\Temp\csrssc.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F3 - REG:win.ini: load=????
F3 - REG:win.ini: run=????
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: E:\WINDOWS\system32\hdxjd4g.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - E:\WINDOWS\system32\hdxjd4g.dll
O2 - BHO: E:\WINDOWS\system32\djki397g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - E:\WINDOWS\system32\djki397g.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ntuser] E:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] E:\Documents and Settings\jupiter\cftmon.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ntuser] E:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] E:\Documents and Settings\jupiter\cftmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] E:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] E:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] E:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Hhjg5jfd93dftdf] E:\WINDOWS\TEMP\winlagon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WintelUpdate] E:\WINDOWS\TEMP\5CE8.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [kavir] E:\WINDOWS\kavir.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: hc_tray.lnk = E:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Registration .LNK = E:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open RSS Feed - E:\Program Files\Feed Mix\getlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/bingame/popcaploader_v10.cabO20 - Winlogon Notify: crypt - E:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: __c0022FF9 - E:\WINDOWS\system32\__c0022FF9.dat
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - E:\WINDOWS\system32\hdxjd4g.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - E:\WINDOWS\system32\djki397g.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\NMSU\VPN Client\cvpnd.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - E:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - E:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Online Services - Unknown owner - E:\WINDOWS\TEMP\NTCA8832.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - E:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CD Guard Drivers Auto Removal (v1) (psrem01) - Protection Technology - E:\WINDOWS\system32\psrem01.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZipToA - Iomega Corporation - E:\WINDOWS\System32\ZipToA.exe
--
End of file - 12609 bytes