Help

Discussion in 'adware, spyware & hijack cleaning' started by jand, May 10, 2004.

Thread Status:
Not open for further replies.
  1. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    Need help. I'm getting popups like crazy. I've loaded McAfee's new AntiSpyware Product as well as Enigma Spyhunter. They both show spyware coming back and back and back ... after I use each utility to remove them. It's like trying to rake leaves in a windstorm.

    Here's my log file ...

    Logfile of HijackThis v1.97.7
    Scan saved at 3:41:38 PM, on 5/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\System32\nslsvice.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Windows\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Windows\myCIO\VScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINDOWS\SYSTEM32\lexmvservice.exe
    C:\WINDOWS\SYSTEM32\LexWebService.exe
    C:\Windows\myCIO\Agent\myAgtSvc.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\WatchGuard\WBServer\wbserver.exe
    C:\Program Files\WatchGuard\CONTROLD.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Program Files\Mobile Connection Manager\Diamond.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Windows\System32\ezSP_Px.exe
    C:\Windows\myCIO\Agent\myagttry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MOBILE~1\apcomsrv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\piggurb.exe
    C:\Windows\System32\sncbrsv.exe
    C:\Windows\System32\hpdllhost.exe
    C:\Windows\System32\QuikSearch.exe
    C:\Windows\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\3Com\Launcher.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WatchGuard\controldGUI.exe
    C:\Program Files\Common Files\3Com\LanSupportService.exe
    C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\ntaskldr.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\myCIO\Agent\HtmlDlg.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
    O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\Windows\System32\icdd7ee6.dll
    O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\Windows\System32\wm41a398.dll
    O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\Windows\System32\iel2cde8.dll
    O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\Windows\System32\he3e3fc4.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\WhistleSoftware\WselServices\WhistleHelper.dll (file missing)
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
    O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\Windows\System32\readdb40.dll
    O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\Windows\System32\si91e44b.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [Diamond] C:\Program Files\Mobile Connection Manager\Diamond.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
    O4 - HKLM\..\Run: [myCIO.com ASaP] C:\Windows\myCIO\Agent\myagttry.exe
    O4 - HKLM\..\Run: [myCIO.com Splash] C:\Windows\myCIO\VScan\Splash.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nssysconf] C:\Windows\System32\piggurb.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\Windows\System32\sncbrsv.exe
    O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [000hpdllhost] C:\Windows\System32\hpdllhost.exe
    O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\Windows\System32\si91e44b.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\Windows\System32\readdb40.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\Windows\System32\he3e3fc4.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [QuikSearch] C:\Windows\System32\QuikSearch.exe
    O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\Windows\System32\wm41a398.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\Windows\System32\iel2cde8.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\Windows\System32\icdd7ee6.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [DealHelperDown] C:\Windows\Download.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: CleverKeys.lnk = C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: WSEP Status+Configuration.lnk = C:\Program Files\WatchGuard\controldGUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Whistle (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: AbsoluteShield Internet Eraser (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....com/dstore/html/interactive/dl560/model.html
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WOODTV
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://nai.vscan.merisel.com/VS2/bin/myCioAgt.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb921a60d526a817/netzip/RdxIE601.cab
    O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://gateway.arborcircle.org/download/dolcontrol.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.6.85/msrdp.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.5507060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8465A0F5-CFB3-41DF-B8D7-8E31893C6DAB}: NameServer = 192.168.0.3,216.109.194.1,216.109.194.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ac.domain
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ac.domain
     
    jand, May 10, 2004
    #1
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    I see what you mean. :eek:

    First try following some of the advice here:
    https://www.wilderssecurity.com/showthread.php?t=27971

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
    O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\Windows\System32\icdd7ee6.dll
    O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\Windows\System32\wm41a398.dll
    O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\Windows\System32\iel2cde8.dll
    O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\Windows\System32\he3e3fc4.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll

    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\WhistleSoftware\WselServices\WhistleHelper.dll (file missing)

    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)

    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
    O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\Windows\System32\readdb40.dll
    O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\Windows\System32\si91e44b.dll

    O4 - HKLM\..\Run: [nssysconf] C:\Windows\System32\piggurb.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\Windows\System32\sncbrsv.exe
    O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [000hpdllhost] C:\Windows\System32\hpdllhost.exe
    O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\Windows\System32\si91e44b.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\Windows\System32\readdb40.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\Windows\System32\he3e3fc4.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [QuikSearch] C:\Windows\System32\QuikSearch.exe
    O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\Windows\System32\wm41a398.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\Windows\System32\iel2cde8.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\Windows\System32\icdd7ee6.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [DealHelperDown] C:\Windows\Download.exe

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb9...ip/RdxIE601.cab

    Then reboot and use AdAware and Spybot as described here:
    https://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
     
    Pieter_Arntz, May 11, 2004
    #2
  3. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    I believe that did it. I've been on the internet for several minutes and the popups used to come in swarms just after bootup and during browsing. I haven't gotten any so far.

    o_O Just curious, you had me remove Enigma Spykiller. Is that software known for adding spyware or adware software to a computer even though it's purpose was to prevent and/or remove those programs? Before posting here, I had searched the internet diligently in suspicion of this, but didn't come up with anything.
     
    jand, May 13, 2004
    #3
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Enigma software is not known for being a reliable method of removing spyware and we dislike their marketing approach, where they pretend to allow a fre download and then make you pay before it will fix anything

    please post a new log to check it's all gone
     
    dvk01, May 13, 2004
    #4
  5. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    Here's my updated log after following all the steps...

    Logfile of HijackThis v1.97.7
    Scan saved at 2:00:51 PM, on 5/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\System32\nslsvice.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Windows\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Windows\myCIO\VScan\McShield.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\SYSTEM32\lexmvservice.exe
    C:\WINDOWS\SYSTEM32\LexWebService.exe
    C:\Windows\myCIO\Agent\myAgtSvc.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\WatchGuard\WBServer\wbserver.exe
    C:\Program Files\WatchGuard\CONTROLD.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Program Files\Mobile Connection Manager\Diamond.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Windows\System32\ezSP_Px.exe
    C:\Windows\myCIO\Agent\myagttry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\MOBILE~1\apcomsrv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\3Com\Launcher.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WatchGuard\controldGUI.exe
    C:\Program Files\Common Files\3Com\LanSupportService.exe
    C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\ntaskldr.EXE
    C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
    C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [Diamond] C:\Program Files\Mobile Connection Manager\Diamond.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
    O4 - HKLM\..\Run: [myCIO.com ASaP] C:\Windows\myCIO\Agent\myagttry.exe
    O4 - HKLM\..\Run: [myCIO.com Splash] C:\Windows\myCIO\VScan\Splash.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: CleverKeys.lnk = C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: WSEP Status+Configuration.lnk = C:\Program Files\WatchGuard\controldGUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Whistle (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: AbsoluteShield Internet Eraser (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....com/dstore/html/interactive/dl560/model.html
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WOODTV
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://nai.vscan.merisel.com/VS2/bin/myCioAgt.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.6.85/msrdp.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.5507060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8465A0F5-CFB3-41DF-B8D7-8E31893C6DAB}: NameServer = 192.168.0.3,216.109.194.1,216.109.194.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ac.domain
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ac.domain
     
    Last edited: May 13, 2004
    jand, May 13, 2004
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...