Help with Spyware please!


Didgery - 5:48 am on Apr 29, 2005 (gmt 0)


I'm not much good with computers - Spybot S&D has gotten rid of most of our spyware and adware trouble but there are still popups, including a lot of "Aurora" messages and some "registry cleaner" messages as well as ads for online colleges, health products, etc, etc, etc. I ran HijackThis and came up with the following Logfile - being a beginner, I'm not sure what to do next. Help? Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 10:33:04 PM, on 4/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\3197dbf6\3197dbf6.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\3197dbf6\46793539.exe
C:\Program Files\3197dbf6\3197dbf6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jones\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [srch-us4.hpwis.com...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [us4.hpwis.com...]
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitemhg32.exe
O4 - HKLM\..\Run: [3197dbf6] C:\Program Files\3197dbf6\3197dbf6.exe
O4 - HKLM\..\Run: [ws8j35U] nvqpress.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [licecn] C:\WINDOWS\System32\licecn.exe
O4 - HKCU\..\Run: [hBrtRRYmR] msxepad.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} - [content.hiwirenetworks.net...]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [us.chat1.yimg.com...]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [207.188.7.150...]
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - [toolbar.google.com...]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [instantsupport.hp.com...]
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} - https://www4.lsac.org/OIFActiveX/ofmctlnew.cab
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - [download.sidestep.com...]
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - [a840.g.akamai.net...]
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Thread source: http://www.webmasterworld.com/webmaster/8550.htm