Downeast - HijackThis Uninstall List
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Type Manager 4.0
Adobe® Photoshop® Album Starter Edition 3.0
Agfa Monotype Font Manager
AnswerWorks Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Instant Messenger
AOL Pictures Tools (version 10.4.0.2)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
a-squared Anti-Malware 2.1
avast! Antivirus
BHODemon 2.0.0.23
BookingBuilder Components
CCleaner (remove only)
Concord Telephony Translation
Conexant HSF V92 56K Data Fax PCI Modem
Corel Applications
Creative Broadband Blaster DSL Ethernet/USB 8012U
Dell ResourceCD
DellConnect
Eyeball Chat 2.2
ezTIPS.Net
ezTIPS.Net
GO! Res
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Host Print Manager
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iPod for Windows 2006-03-23
iPod for Windows User Guide
iPod System Software Updater 2.0.1
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.1_01
Java Web Start
LiveUpdate 1.90 (Symantec Corporation)
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSN Gaming Zone
MSN Messenger 6.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Netscape (7.0)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
PhoneTools
Picture Package
QuickTime
RealPlayer
RTLSetup
SafeCast Shared Components
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sony USB Driver
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TaxACT 2005
TaxACT Maine 2005
TweakNow RegCleaner Standard
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Webshots Desktop
Will Workshop Deluxe 2004
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinUndelete
WinZip
Worldspan API
Yahoo! Messenger
HijackThis Log - 2/15/07
Logfile of HijackThis v1.99.1
Scan saved at 8:28:34 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\csrss.exe
C:\WINDOWS2\SYSTEM32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\wspan\swgw\Hpm.exe
C:\wspan\swgw\FilterAgent.exe
C:\WINDOWS2\system32\DllHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\System32\drivers\CDAC11BA.EXE
C:\WINDOWS2\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS2\system32\wdfmgr.exe
C:\WINDOWS2\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\System32\alg.exe
C:\WINDOWS2\SYSTEM32\cidaemon.exe
C:\WINDOWS2\system32\devldr32.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS2\system32\NOTEPAD.EXE
C:\Documents and Settings\Phil.PHIL-CYG42GWR6O\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.msn.co/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://gopublic.wspan.com/Index.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://gopublic.wspan.com/Index.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS2\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: LMBHO Class - {B2C9A858-A8BE-426C-B1C7-7FD258B28CAA} - C:\WINDOWS2\system32\LMIECTR2.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Hpm.lnk = C:\wspan\swgw\Hpm.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS2\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone:
http://*.worldspan.com
O15 - Trusted Zone:
http://*.wspan.com
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) -
https://gopublic.wspan.com/secure/DLLs/ ... mation.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -
http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) -
http://o.aolcdn.com/pictures/ap/Resourc ... .4.0.2.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} -
http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) -
https://gopublic.wspan.com/secure/DLLs/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) -
https://go5f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} -
http://actimage.dancik.com/ib/download/ ... e40930.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) -
https://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://aolsvc.aol.com/onlinegames/bejew ... der_v7.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} -
https://gopublic.wspan.com/Secure/Dlls/WSClient.cab
O20 - AppInit_DLLs: ???
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS2\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS2\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS2\wanmpsvc.exe
*************************
I ran Kaspersky then had to remove it because it just slowed the computer down to a crawl. I now have Avast Anti-Virus running, and several different spyware finders as well as BHO Demon.
I have been able to temporarily remove the hijack, but it always comes back. It seems that Yahoo Search rewrites the bad program most often, but it still occured with other default search engines.
Thanks for your help, John