Thread ID: 64784 2005-12-28 02:03:00 Howiper trojan - how to remove it? ppsforks (9488) Press F1
Post ID Timestamp Content User
416144 2005-12-28 02:03:00 Acquired "howiper" on my laptop. (WinXP) Any suggestions for removal?
Thanks!
ppsforks (9488)
416145 2005-12-28 02:06:00 Hi

C:\WINDOWS\SYSTEM\HOWIPER.EXE <-----Delete if there.

Then download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C:\Program Files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.
Pancake (6359)
416146 2005-12-28 06:51:00 Try these too:
Stinger
A2 (A squared)
Both are free trojan cleaners.
beama (111)
416147 2005-12-28 11:31:00 Hello there. Check out this thread for virus, trojan etc. removal: Link (pressf1.pcworld.co.nz)

Cheers :)
Renmoo (66)
416148 2006-01-23 18:18:00 Hi

C:\WINDOWS\SYSTEM\HOWIPER.EXE <-----Delete if there.

Then download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C:\Program Files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.


I was not able to delete the file (access denied)

Here is my log file

Can you help?


Logfile of HijackThis v1.99.1
Scan saved at 1:13:53 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9103D14F-B225-F8C5-0F75-45F31ADAFA45} - MONITER.dll (file missing)
R3 - URLSearchHook: (no name) - {CE90AE15-3A9D-4ACF-6BE9-614C5D8B64C1} - Kargo.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [StatusCheck] Testimonials.exe
O4 - HKLM\..\Run: [stuffmon] NopeZ.exe
O4 - HKLM\..\Run: [uio] TemplateDongle.exe
O4 - HKLM\..\Run: [utsgmon] 34763.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmxdi.exe] C:\WINDOWS\system32\dmxdi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABCXYZ] Testimonials.exe
O4 - HKCU\..\Run: [br0ken] SpyElim.exe
O4 - HKCU\..\Run: [abrek] MSTCPDLL.exe
O4 - HKCU\..\Run: [bingo9] ___.exe
O4 - HKCU\..\Run: [PasswdMon] jopplerg.exe
O4 - HKCU\..\Run: [teqq32] prgsys0984.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - www.pestscan.com
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - download.games.yahoo.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{05B00BB3-B963-4F73-A67A-398683A64A3C}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DF1D0B5-B394-4F9D-8F65-D360548493C9}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{13189133-0FAC-465B-889C-4487C9C8A7CE}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C1F5AD-2EBF-4984-BBED-08B748FD05CD}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{18FEA6ED-3006-4EB0-94F5-297375CB72D8}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{510BF0B9-14C5-4D85-AD3C-1E4823E87EF2}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5B7DDD-8DAC-4727-8B7E-02E536A1EF71}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{732F1B72-E084-4B44-B610-AA946EC563CF}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{93234B3E-74EA-4E1E-996C-F8A927D17537}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB2901D-671B-4675-83A7-970199D9EA73}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{A806131B-81EB-4F3E-8BE5-0A9C57BA9AB3}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D1F5C6-C7D7-4455-BA86-24345E56809C}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
TraderDave (9489)
416149 2006-01-23 18:39:00 You can decipher your HJT log here: www.hijackthis.de or you can wait for the super duper Speedy Gonzalez to advise you what to do next. :D

Cheers :)
Renmoo (66)
416150 2006-01-23 18:55:00 Turn off System Restore and start in Safe Mode and run HJT again, and click the following entries and fix them in that mode first:

C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe

Nasty running process. (IPClient.exe)
Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required. This one constantly "phones home" and wastes resources.
This is a nasty process! You should fix it and try to delete it manually!


O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe"

Nasty. Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required. This one constantly "phones home" and wastes resources.


O17 - HKLM\System\CCS\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{05B00BB3-B963-4F73-A67A-398683A64A3C}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{0DF1D0B5-B394-4F9D-8F65-D360548493C9}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{13189133-0FAC-465B-889C-4487C9C8A7CE}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{15C1F5AD-2EBF-4984-BBED-08B748FD05CD}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{18FEA6ED-3006-4EB0-94F5-297375CB72D8}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{510BF0B9-14C5-4D85-AD3C-1E4823E87EF2}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5B7DDD-8DAC-4727-8B7E-02E536A1EF71}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{732F1B72-E084-4B44-B610-AA946EC563CF}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{93234B3E-74EA-4E1E-996C-F8A927D17537}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB2901D-671B-4675-83A7-970199D9EA73}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{A806131B-81EB-4F3E-8BE5-0A9C57BA9AB3}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D1F5C6-C7D7-4455-BA86-24345E56809C}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

O17 - HKLM\System\CS1\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173 Possibly nasty
If this Domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.255.116.113,85.255.112.173'? If not, fix this entry.

Clean these first and send another log and we will see then what's left.. you have a lot of other "questionable" entries that need looking into.
SurferJoe46 (51)
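The O17 check described in the post above (does each NameServer belong to your ISP or your firm's network?), written out as an added example that is not part of the original thread. The function names, the allow-list arguments and the last two sample lines (192.0.2.53, corp.example) are assumptions made for illustration; the first three sample lines are taken from the log posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Shape of an O17 line in the HijackThis logs above:
#   O17 - <registry key>: <value name> = <comma-separated data>
O17_RE = re.compile(r"^O17\s*-\s*(?P<key>.+?):\s*(?P<name>\w+)\s*=\s*(?P<data>.*)$")


def parse_o17(log_text):
    """Yield (registry_key, value_name, [items]) for every O17 line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer data may be comma- or space-separated.
            items = [i for i in re.split(r"[,\s]+", m["data"].strip()) if i]
            yield m["key"], m["name"], items


def triage_o17(log_text, known_resolvers, known_domains=()):
    """Group O17 settings that are NOT on the caller's allow-lists.

    known_resolvers: IPs or CIDR ranges of the ISP / company DNS servers.
    known_domains:   DNS suffixes that are expected on this machine.
    Returns {(value_name, item): [registry keys that carry it]}.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in known_resolvers]
    domains = {d.lower().rstrip(".") for d in known_domains}
    unknown = defaultdict(list)
    for key, name, items in parse_o17(log_text):
        for item in items:
            if name.lower() == "nameserver":
                try:
                    addr = ipaddress.ip_address(item)
                    ok = any(addr in net for net in nets)
                except ValueError:
                    ok = False  # not an IP address at all: always report
            else:
                # Domain, SearchList and similar name-valued settings.
                ok = item.lower().rstrip(".") in domains
            if not ok:
                unknown[(name, item)].append(key)
    return dict(unknown)


# Sample input. The first three lines come from the log in this thread;
# the last two are constructed for the example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A36711-7BEC-4D25-BE53-DB65B2C1A027}: NameServer = 85.255.116.113,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.example
"""

if __name__ == "__main__":
    # Assumption: 192.0.2.53 stands in for the resolver the ISP handed out.
    findings = triage_o17(SAMPLE_LOG, known_resolvers=["192.0.2.53"])
    for (name, item), keys in sorted(findings.items()):
        print(f"{name} = {item}  (set in {len(keys)} place(s))")
        for key in keys:
            print(f"    {key}")
```

Grouping by value rather than by registry key makes the pattern in this thread's log visible at a glance: the same two unknown resolvers are set on every interface and in more than one control set.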
416151 2006-01-23 19:26:00 I did as you said..

Two things
1. I was able to delete the file howiper.exe by going into safe mode (DOS prompt).. this seems to have solved the problem.

2. This log was taken while in Safe Mode

Thanks for your help



Logfile of HijackThis v1.99.1
Scan saved at 2:19:47 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9103D14F-B225-F8C5-0F75-45F31ADAFA45} - MONITER.dll (file missing)
R3 - URLSearchHook: (no name) - {CE90AE15-3A9D-4ACF-6BE9-614C5D8B64C1} - Kargo.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [StatusCheck] Testimonials.exe
O4 - HKLM\..\Run: [stuffmon] NopeZ.exe
O4 - HKLM\..\Run: [uio] TemplateDongle.exe
O4 - HKLM\..\Run: [utsgmon] 34763.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmpjc.exe] C:\WINDOWS\system32\dmpjc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABCXYZ] Testimonials.exe
O4 - HKCU\..\Run: [br0ken] SpyElim.exe
O4 - HKCU\..\Run: [abrek] MSTCPDLL.exe
O4 - HKCU\..\Run: [bingo9] ___.exe
O4 - HKCU\..\Run: [PasswdMon] jopplerg.exe
O4 - HKCU\..\Run: [teqq32] prgsys0984.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - download.games.yahoo.com/games/web_games/tikgames/pandacraze/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
TraderDave (9489)
416152 2006-01-23 19:55:00 Thanks to JamesKan

I removed what the "analyzer" said was junk

here is the latest log file

Logfile of HijackThis v1.99.1
Scan saved at 2:48:40 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - www.pestscan.com
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - download.games.yahoo.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
TraderDave (9489)
416153 2006-01-23 20:02:00 Turn system restore off, and boot into safe mode again. Run HJT and tick these entries, and tick fix checked.

R3 - URLSearchHook: (no name) - {9103D14F-B225-F8C5-0F75-45F31ADAFA45} - MONITER.dll (file missing)

R3 - URLSearchHook: (no name) - {CE90AE15-3A9D-4ACF-6BE9-614C5D8B64C1} - Kargo.dll (file missing)

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O4 - HKLM\..\Run: [StatusCheck] Testimonials.exe - This may be part of a trojan

O4 - HKLM\..\Run: [stuffmon] NopeZ.exe

O4 - HKLM\..\Run: [uio] TemplateDongle.exe

O4 - HKLM\..\Run: [utsgmon] 34763.exe

O4 - HKLM\..\Run: [dmpjc.exe] C:\WINDOWS\system32\dmpjc.exe

O4 - HKCU\..\Run: [ABCXYZ] Testimonials.exe

O4 - HKCU\..\Run: [br0ken] SpyElim.exe

O4 - HKCU\..\Run: [abrek] MSTCPDLL.exe

O4 - HKCU\..\Run: [bingo9] ___.exe

O4 - HKCU\..\Run: [PasswdMon] jopplerg.exe

O4 - HKCU\..\Run: [teqq32] prgsys0984.exe

It looks like these files are related to Wareout, or something.

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

These entries don't have to be in startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Tick the files above and tick fix checked in safe mode, then reboot. Then post another hijackthis log.

Follow this link (forums.spybot.info) to remove wareout

Download this (downloads.subratam.org) or this (swandog46.geekstogo.com)

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Taken from the above site.
Speedy Gonzales (78)
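A triage pass over a HijackThis log of the kind posted in this thread, as an added example that is not part of the original posts or of HijackThis itself. The three heuristics (target file absent, autorun value without a directory path, service reported as "Unknown owner") are assumptions chosen for illustration; they select entries for manual review, not verdicts, and benign entries such as nwiz.exe match them too.

```python
import re

# Sample assembled for this example from entries quoted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9103D14F-B225-F8C5-0F75-45F31ADAFA45} - MONITER.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [StatusCheck] Testimonials.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - <body>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.*?)\] (.*)$")  # registry autoruns
IMAGE = re.compile(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd|scr|cpl))(?:[ ,]|$)")

def command_image(cmd):
    """Return the program part of an autorun value, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, arguments follow the quote
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)                    # unquoted path that may contain spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]

def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue                        # header, process list or blank line
        code, body = m.groups()
        if body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "target file absent", line))
        elif code == "O4":
            r = RUN.match(body)
            if r and "\\" not in command_image(r.group(2)):
                findings.append((code, "autorun without a directory path", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service reported as Unknown owner", line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {line}")
```

Startup-folder lines (`O4 - Startup:` and `O4 - Global Startup:`) are skipped by the autorun check because they do not match the registry `Run` pattern.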