Any suggestions for the removal of TV Media?

Moxx

Sure ..follow these steps then post your log in this thread. :)

http://forum.gladiator-antivirus.com/index...showtopic=10517

I already see a lot of spyware in there that Spybot didn't get rid of. I was out of town for 4 days and when I come back.....popup hell. No-one else in this house is worried about keeping the computer spyware free except for me :(

Heres my HiJackThis log:


Logfile of HijackThis v1.98.2
Scan saved at 6:29:07 PM, on 8/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ColdFusionMX\runtime\bin\jrunsvc.exe
C:\ColdFusionMX\db\slserver52\bin\swagent.exe
C:\ColdFusionMX\runtime\bin\jrun.exe
C:\ColdFusionMX\db\slserver52\bin\swstrtr.exe
C:\ColdFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\oracle\oradev\bin\agntsrvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\Explorer.EXE
C:\oracle\oradev\bin\dbsnmp.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\atiptaxx.exe
C:\WINDOWS\bmdh.exe
C:\WINDOWS\System32\vegxvru.exe
C:\WINDOWS\System32\javaw.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\websearch\websearch.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Moxx\Desktop\Utilz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csdev.colstate.edu:8500/bithell_blaxton/main.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [CoolSwitch] "C:\WINDOWS\System32\taskswitch.exe"
O4 - HKLM\..\Run: [FastUser] "C:\WINDOWS\System32\fast.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [dfajccjo] C:\WINDOWS\bmdh.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [aqqdfydya] C:\WINDOWS\System32\vegxvru.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: WebWorks Help 3.0 - http://127.0.0.1/cfdocs/htmldocs/wwhelp3.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - file://D:\browser\software\mcafee\usa\shared\comctl32.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - file://D:\browser\software\mcafee\usa\shared\mcinstall.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - file://C:\WINDOWS\Web\TSWeb\msrdp.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/d_a_loader.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} - http://moxxboxx:8888/forms90/jinitiator/jinit.exe
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak03.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/downplug.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/- Read our board rules -.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

OK, here is my newest log. Any help is greatly appreciated...especially with TV Media...it's been on my computer for months now. Thank you!!
-------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 7:29:24 PM, on 10/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ColdFusionMX\runtime\bin\jrunsvc.exe
C:\ColdFusionMX\db\slserver52\bin\swagent.exe
C:\ColdFusionMX\runtime\bin\jrun.exe
C:\ColdFusionMX\db\slserver52\bin\swstrtr.exe
C:\ColdFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\oracle\oradev\bin\agntsrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\Fast.exe
C:\oracle\oradev\bin\dbsnmp.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Moxx\Desktop\Utilz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csdev.colstate.edu:8500/bithell_blaxton/main.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNrd.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [CoolSwitch] "C:\WINDOWS\System32\taskswitch.exe"
O4 - HKLM\..\Run: [FastUser] "C:\WINDOWS\System32\fast.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: WebWorks Help 3.0 - http://127.0.0.1/cfdocs/htmldocs/wwhelp3.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - file://D:\browser\software\mcafee\usa\shared\comctl32.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - file://D:\browser\software\mcafee\usa\shared\mcinstall.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - file://C:\WINDOWS\Web\TSWeb\msrdp.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/d_a_loader.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} - http://moxxboxx:8888/forms90/jinitiator/jinit.exe
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak03.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/- Read our board rules -.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Check the following items in HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csdev.colstate.edu:8500/bithell_blaxton/main.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNrd.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/d_a_loader.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} - http://moxxboxx:8888/forms90/jinitiator/jinit.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB


Close all windows except HijackThis and click Fix checked.

Reboot in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\Program Files\VVSN\ <-- delete entire folder
C:\WINDOWS\conscorr.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.


HiJackThis version 198.2 is now available.
If you do not already have it installed, download it from here:
http://www.computercops.biz/downloads-file-328.html
http://tomcoyote.org/hjt/

Then run HiJackThis again and post a new log in this thread.

Ok, thanks for the help so far. This is the new log I get.
The following lines are ok:

O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} - http://moxxboxx:8888/forms90/jinitiator/jinit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csdev.colstate.edu:8500/bithell_blaxton/main.htm

Other than that, let me know what else needs to go. Thanks again.


Logfile of HijackThis v1.98.2
Scan saved at 5:37:00 PM, on 10/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ColdFusionMX\runtime\bin\jrunsvc.exe
C:\ColdFusionMX\db\slserver52\bin\swagent.exe
C:\ColdFusionMX\runtime\bin\jrun.exe
C:\ColdFusionMX\db\slserver52\bin\swstrtr.exe
C:\ColdFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\oracle\oradev\bin\agntsrvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\Fast.exe
C:\oracle\oradev\bin\dbsnmp.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Moxx\Desktop\Utilz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csdev.colstate.edu:8500/bithell_blaxton/main.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [CoolSwitch] "C:\WINDOWS\System32\taskswitch.exe"
O4 - HKLM\..\Run: [FastUser] "C:\WINDOWS\System32\fast.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O16 - DPF: WebWorks Help 3.0 - http://127.0.0.1/cfdocs/htmldocs/wwhelp3.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - file://D:\browser\software\mcafee\usa\shared\comctl32.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - file://D:\browser\software\mcafee\usa\shared\mcinstall.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - file://C:\WINDOWS\Web\TSWeb\msrdp.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} - http://moxxboxx:8888/forms90/jinitiator/jinit.exe
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak03.pictures.aol.com/ygp/aol/plug...oad.9.0.0.2.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

Did you ever download the free adaware ? and what Antivirus do you have installed now ? or is it just online scans after the fact and pot luck. Wave.gif

After it is all cleaned up this time..Lophat will give you some info on other free programs that will help prevent spyware and many trojans and virsus and you should make a move to get SP2 on that PC and for sure some of the critical updates from MS.

First:
Download LSPfix here: »www.cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of osmim.dll (and nothing else) , and move them to the "Remove" pane.
Then click Finish

Reboot


Second:
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe


Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\wupdt.exe


*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

HiJackThis version 198.2 is now available.
If you do not already have it installed, download it from here:
http://www.computercops.biz/downloads-file-328.html
http://tomcoyote.org/hjt/

Run HiJackThis again and post a new log in this thread.

Yes I have Adaware....I also have Norton Antivirus Corporate Edition.