First time user

Discussion in 'adware, spyware & hijack cleaning' started by usajack, May 3, 2004.

Thread Status:
Not open for further replies.
  1. usajack

    usajack Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    I am posting my HijackThis listing and wondered if anyone could look at it. I'm experiencing random times of sluggishness when browsing my folders or network mappings. I suspect that something keeps using my CPU, but don't seem to see anything when looking at Task Manager.

    Thanks in advance for your help.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:35:36 PM, on 5/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\nslsvice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\DMI\WIN32\bin\DellDmi.exe
    C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
    C:\Program Files\Dell\OpenManage\Client\DLT.exe
    C:\WINDOWS\System32\i2050QosSvc.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\program files\Lotus\Notes\ntmulti.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\dmi\win32\bin\Win32sl.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MICROR~1\Keyboard\Ikeymain.exe
    C:\PROGRA~1\MICROR~1\Mouse\Amoumain.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\Deskmenu.exe
    C:\Program Files\Google\ggviewer81-93.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Remedy\aruser.exe
    C:\WINDOWS\System32\notepad.exe
    C:\Program Files\Intel\Intel NetStructure VPN Client\ICDESK.EXE
    C:\Program Files\Lotus\Notes\NLNOTES.EXE
    C:\Program Files\Lotus\Notes\ntaskldr.EXE
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jpatterson\Downloads\HyjackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mincom Managed Services --- Jack Patterson
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = denpxy01.nam.mincom.net:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mincom.net;*.mincom.oz.au;<local>
    O1 - Hosts: 172.20.65.16 dendom01
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DotSurfer Indicator - {C733AE47-6AC0-4837-93DA-70278E88E7B2} - C:\Program Files\GTRAN Wireless\GPC6210\gtindctr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\MICROR~1\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\MICROR~1\Mouse\Amoumain.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Deskmenu.lnk = C:\WINDOWS\Deskmenu.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix-eu.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1073890409178
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://online.mincomhosting.net/Citrix/ICAWEB/en/ica32/ica32t.exe
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dendom01.mincom.oz.au/iNotes6.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.0107291667
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.mincom.net
    O17 - HKLM\Software\..\Telephony: DomainName = nam.mincom.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A27B544-A0EB-4C66-81D9-C82D23B31F90}: NameServer = 216.158.227.69,204.127.202.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4CAA9A59-1098-4146-833E-68110543AB20}: NameServer = 172.20.65.30
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE06D712-11B1-4E32-AB5B-8F26DE759533}: Domain = nam.mincom.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE06D712-11B1-4E32-AB5B-8F26DE759533}: NameServer = 172.20.65.30
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.mincom.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nam.mincom.net,mincom.net,mincom.oz.au,root.tequinox.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 172.20.65.30 172.20.65.25 172.31.132.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1A27B544-A0EB-4C66-81D9-C82D23B31F90}: NameServer = 216.158.227.69,204.127.202.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nam.mincom.net,mincom.net,mincom.oz.au,root.tequinox.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 172.20.65.30 172.20.65.25 172.31.132.1
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi usajack,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab

    Then reboot. Then there is one thing I don't know:
    O3 - Toolbar: DotSurfer Indicator - {C733AE47-6AC0-4837-93DA-70278E88E7B2} - C:\Program Files\GTRAN Wireless\GPC6210\gtindctr.dll
    It looks legitimate enough:
    http://www.gtranwireless.com/products/index.html
    but it could be a cause if it was installed recently.

    Regards,

    Pieter
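    The three entries Pieter singled out are all O16 "Downloaded Program Files" lines, i.e. ActiveX controls that Internet Explorer fetched from the web. Two of them carry no friendly name and one is served from a bare IP address, which is exactly what a reviewer looks for first. The script below is an added example by the editor, not part of the thread or of HijackThis; it re-implements that triage as simple heuristics over O16 lines copied from the log above, with an optional allowlist of host suffixes. The function names (`parse_o16`, `review_o16`, `triage`) and the heuristics are the editor's own choices.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Sample O16 lines copied verbatim from the HijackThis log posted in this thread.
# O16 = "Downloaded Program Files": ActiveX controls Internet Explorer pulled from the web.
SAMPLE_LOG = """\
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://online.mincomhosting.net/Citrix/ICAWEB/en/ica32/ica32t.exe
"""

# Shape of an O16 line: "O16 - DPF: {CLSID} (optional friendly name) - URL".
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r" - (?P<url>\S+)$"
)


def parse_o16(line):
    """Return {'clsid', 'name', 'url'} for an O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {"clsid": m["clsid"].upper(), "name": m["name"], "url": m["url"]}


def review_o16(entry, trusted_suffixes=()):
    """Editor's heuristics: list the reasons an O16 entry deserves a closer look (empty = nothing notable)."""
    reasons = []
    host = urlparse(entry["url"]).hostname or ""

    # A control registered without a friendly name is the first thing log reviewers flag.
    if entry["name"] is None:
        reasons.append("no friendly name registered for the control")

    # Software worth trusting is normally served from a named host, not a raw IP.
    try:
        ip_address(host)
        reasons.append("download source is a bare IP address")
    except ValueError:
        pass

    # Optional allowlist: anything outside the known-good hosts gets a look too.
    if trusted_suffixes and not any(
        host == s or host.endswith("." + s) for s in trusted_suffixes
    ):
        reasons.append("host not on the trusted list")

    return reasons


def triage(log_text, trusted_suffixes=()):
    """Map CLSID -> reasons for every O16 entry in the log that trips a heuristic."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry is None:
            continue
        reasons = review_o16(entry, trusted_suffixes)
        if reasons:
            findings[entry["clsid"]] = reasons
    return findings


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(reasons))
```

    With no allowlist the script flags exactly the three CLSIDs Pieter asked to be fixed and leaves the named QuickTime and Citrix controls alone; passing `trusted_suffixes=("apple.com",)` additionally surfaces the Citrix entry as "host not on the trusted list", which is how a reviewer would narrow a long O16 section on a corporate machine.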
     
  3. usajack

    usajack Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    Pieter,

    Did as instructed and I am now able to browse my folders much, much faster. Thanks a lot for your help. Any insight as to what the 3 items you had me remove are (in case I can avoid them in the future)?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  5. usajack

    usajack Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    Thanks....
     