ok sorry i havent replied in a while (iv been on vacation!> anyway the mad.dll program remains but the good news is that my aim works again which is all i really care about. thanks a lot for all the help u have given me!
dazed+confused5 0 Newbie Poster
okay i tried it with mozilla again and it didnt work and then i tried it with internet explorer and my computer froze. could this have anything with the file. these spyware jerks really tick me off. :evil:
dazed+confused5 0 Newbie Poster
hey sorry i havent posted in a few days. got something strange to report. when i click on the link, mozilla tells me that the operation has timed out and i cant manually find the site. any thoughts?
dazed+confused5 0 Newbie Poster
Logfile of HijackThis v1.99.1
Scan saved at 9:52:22 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: …
dazed+confused5 0 Newbie Poster
Still no luck on getting rid of the mad.dll file (these guys are good). When I tried to tell the pocket box killer to reboot the computer, an error message came up. When i tried to tell the program to delete the file right there it said the file does not exist. Anyway, heres my new log file.
dazed+confused5 0 Newbie Poster
thanks for the quick responses. the mad.dll problem still persists and i cant figure out how to get rid of it. my aim works again but the programs are still on the computer. heres my new log. and by the way, should i delete the backups hjt makes?
Logfile of HijackThis v1.99.1
Scan saved at 3:03:00 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 …
dazed+confused5 0 Newbie Poster
once again i followed your directions as best i could and deleted everything i could find. however it wouldnt let me delete the mad.dll in safe mode because it said it was in use. heres my new log file. thanks again!
Logfile of HijackThis v1.99.1
Scan saved at 1:21:25 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\drwtsn32.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works …
dazed+confused5 0 Newbie Poster
ok i hope i put the hijack this folder in the right spot finally :o . Heres the new log.
Logfile of HijackThis v1.99.1
Scan saved at 9:04:40 AM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\tgihc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: …
dazed+confused5 0 Newbie Poster
i put the hjt in a new folder and created new logs. thanks again
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:27:28 AM, 6/19/2005
+ Report-Checksum: 41BE05F5
+ Date of database: 6/18/2005
+ Version of scan engine: v3.0
+ Duration: 50 min
+ Scanned Files: 120038
+ Speed: 39.56 Files/Second
+ Infected files: 129
+ Removed files: 129
+ Files put in quarantine: 129
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINNT\system32\appvs.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\atlnh.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\atlnk.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\atlog32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\atlrn.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\atlun32.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\atlxo.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\atlzf.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\config\systemprofile\Cookies\system@tryaolfree[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINNT\system32\craf.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\crbz32.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\crgy.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\crln.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\cryf32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\crzv.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\d3ag32.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\d3bk32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\d3cq32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\d3fd.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\d3mv.dll -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINNT\system32\d3nx.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINNT\system32\d3op.dll -> TrojanDownloader.Agent.bq -> … dazed+confused5 0 Newbie Poster
p.s i just ran the ps. uninstall. i just figured out that u wanted me to uninstall it and not install it.
dazed+confused5 0 Newbie Poster
hey thanks for the help. i followed your directions as best i could. i downloaded that ewido and ran it but couldnt figure out how to make a logfile. here is my new hijackthis file tho.
Logfile of HijackThis v1.99.1
Scan saved at 3:47:19 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\sder\dees.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\skscs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 …
dazed+confused5 0 Newbie Poster
hi ive just gotten this new hijack called home search assistant. I heard that its the son of the cool web search hijack. anyway its destroying my computer. i cant do aim or most of my other programes. any help would be VERY helpful . here is my hijack this info.
Logfile of HijackThis v1.99.1
Scan saved at 9:02:48 PM, on 6/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\logonui.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\atlza32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\evpet.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\evpet.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\evpet.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\evpet.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\evpet.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\evpet.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant …