Help

Discussion in 'adware, spyware & hijack cleaning' started by jand, May 10, 2004.

Thread Status:
Not open for further replies.
  1. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    Need help. I'm getting popups like crazy. I've loaded McAfee's new AntiSpyware Product as well as Enigma Spyhunter. They both show spyware coming back and back and back ... after I use each utility to remove them. It's like trying to rake leaves in a windstorm.

    Here's my log file ...

    Logfile of HijackThis v1.97.7
    Scan saved at 3:41:38 PM, on 5/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\System32\nslsvice.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Windows\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Windows\myCIO\VScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\WINDOWS\SYSTEM32\lexmvservice.exe
    C:\WINDOWS\SYSTEM32\LexWebService.exe
    C:\Windows\myCIO\Agent\myAgtSvc.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\WatchGuard\WBServer\wbserver.exe
    C:\Program Files\WatchGuard\CONTROLD.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Program Files\Mobile Connection Manager\Diamond.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Windows\System32\ezSP_Px.exe
    C:\Windows\myCIO\Agent\myagttry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MOBILE~1\apcomsrv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\piggurb.exe
    C:\Windows\System32\sncbrsv.exe
    C:\Windows\System32\hpdllhost.exe
    C:\Windows\System32\QuikSearch.exe
    C:\Windows\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\3Com\Launcher.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WatchGuard\controldGUI.exe
    C:\Program Files\Common Files\3Com\LanSupportService.exe
    C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\ntaskldr.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\myCIO\Agent\HtmlDlg.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
    O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\Windows\System32\icdd7ee6.dll
    O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\Windows\System32\wm41a398.dll
    O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\Windows\System32\iel2cde8.dll
    O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\Windows\System32\he3e3fc4.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\WhistleSoftware\WselServices\WhistleHelper.dll (file missing)
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
    O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\Windows\System32\readdb40.dll
    O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\Windows\System32\si91e44b.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [Diamond] C:\Program Files\Mobile Connection Manager\Diamond.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
    O4 - HKLM\..\Run: [myCIO.com ASaP] C:\Windows\myCIO\Agent\myagttry.exe
    O4 - HKLM\..\Run: [myCIO.com Splash] C:\Windows\myCIO\VScan\Splash.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nssysconf] C:\Windows\System32\piggurb.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\Windows\System32\sncbrsv.exe
    O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [000hpdllhost] C:\Windows\System32\hpdllhost.exe
    O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\Windows\System32\si91e44b.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\Windows\System32\readdb40.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\Windows\System32\he3e3fc4.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [QuikSearch] C:\Windows\System32\QuikSearch.exe
    O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\Windows\System32\wm41a398.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\Windows\System32\iel2cde8.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\Windows\System32\icdd7ee6.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [DealHelperDown] C:\Windows\Download.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: CleverKeys.lnk = C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: WSEP Status+Configuration.lnk = C:\Program Files\WatchGuard\controldGUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Whistle (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: AbsoluteShield Internet Eraser (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....com/dstore/html/interactive/dl560/model.html
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WOODTV
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://nai.vscan.merisel.com/VS2/bin/myCioAgt.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb921a60d526a817/netzip/RdxIE601.cab
    O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://gateway.arborcircle.org/download/dolcontrol.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.6.85/msrdp.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.5507060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8465A0F5-CFB3-41DF-B8D7-8E31893C6DAB}: NameServer = 192.168.0.3,216.109.194.1,216.109.194.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ac.domain
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ac.domain
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    I see what you mean. :eek:

    First try following some of the advice here:
    https://www.wilderssecurity.com/showthread.php?t=27971

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
    O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\Windows\System32\icdd7ee6.dll
    O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - C:\Windows\System32\wm41a398.dll
    O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\Windows\System32\iel2cde8.dll
    O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - C:\Windows\System32\he3e3fc4.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll

    O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\WhistleSoftware\WselServices\WhistleHelper.dll (file missing)

    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)

    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\Windows\dealhlpr.dll (file missing)
    O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
    O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\Windows\System32\readdb40.dll
    O3 - Toolbar: (no name) - {28A19C3E-91E4-4bca-A623-BAF3C43C4F49} - C:\Windows\System32\si91e44b.dll

    O4 - HKLM\..\Run: [nssysconf] C:\Windows\System32\piggurb.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\Windows\System32\sncbrsv.exe
    O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [000hpdllhost] C:\Windows\System32\hpdllhost.exe
    O4 - HKLM\..\Run: [si91e44b] rundll32.exe C:\Windows\System32\si91e44b.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\Windows\System32\readdb40.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\Windows\System32\he3e3fc4.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [QuikSearch] C:\Windows\System32\QuikSearch.exe
    O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\Windows\System32\wm41a398.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\Windows\System32\iel2cde8.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\Windows\System32\icdd7ee6.dll,EnableRunDLL32
    O4 - HKLM\..\Run: [DealHelperDown] C:\Windows\Download.exe

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb9...ip/RdxIE601.cab

    Then reboot and use AdAware and Spybot as described here:
    https://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
     
  3. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    I believe that did it. I've been on the internet for several minutes and the popups used to come in swarms just after bootup and during browsing. I haven't gotten any so far.

    o_O Just curious, you had me remove Enigma Spykiller. Is that software known for adding spyware or adware software to a computer even though its purpose was to prevent and/or remove those programs? Before posting here, I had searched the internet diligently in suspicion of this, but didn't come up with anything.
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Enigma software is not known for being a reliable method of removing spyware and we dislike their marketing approach, where they pretend to allow a free download and then make you pay before it will fix anything.

    Please post a new log to check it's all gone.
     
  5. jand

    jand Registered Member

    Joined:
    May 10, 2004
    Posts:
    7
    Here's my updated log after following all the steps...

    Logfile of HijackThis v1.97.7
    Scan saved at 2:00:51 PM, on 5/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\System32\nslsvice.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LEXBCES.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Windows\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Windows\myCIO\VScan\McShield.exe
    C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\SYSTEM32\lexmvservice.exe
    C:\WINDOWS\SYSTEM32\LexWebService.exe
    C:\Windows\myCIO\Agent\myAgtSvc.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\WatchGuard\WBServer\wbserver.exe
    C:\Program Files\WatchGuard\CONTROLD.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    C:\Program Files\Mobile Connection Manager\Diamond.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Windows\System32\ezSP_Px.exe
    C:\Windows\myCIO\Agent\myagttry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\MOBILE~1\apcomsrv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\3Com\Launcher.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\WatchGuard\controldGUI.exe
    C:\Program Files\Common Files\3Com\LanSupportService.exe
    C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\ntaskldr.EXE
    C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
    C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
    O4 - HKLM\..\Run: [Diamond] C:\Program Files\Mobile Connection Manager\Diamond.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
    O4 - HKLM\..\Run: [myCIO.com ASaP] C:\Windows\myCIO\Agent\myagttry.exe
    O4 - HKLM\..\Run: [myCIO.com Splash] C:\Windows\myCIO\VScan\Splash.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: CleverKeys.lnk = C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: WSEP Status+Configuration.lnk = C:\Program Files\WatchGuard\controldGUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Whistle (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: AbsoluteShield Internet Eraser (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT....com/dstore/html/interactive/dl560/model.html
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WOODTV
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://nai.vscan.merisel.com/VS2/bin/myCioAgt.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.6.85/msrdp.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.5507060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8465A0F5-CFB3-41DF-B8D7-8E31893C6DAB}: NameServer = 192.168.0.3,216.109.194.1,216.109.194.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ac.domain
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ac.domain
     
    Last edited: May 13, 2004
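Added example, not part of the thread and not HijackThis code: a small Python check for the "post a new log to check it's all gone" step. It confirms that no entry from the fix list survives in the follow-up scan, and lists Run entries that start a BHO/toolbar DLL through rundll32. The function names are hypothetical and the three sample texts are short excerpts of lines posted above.

```python
import re

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNDLL_RE = re.compile(r"\[([^\]]+)\]\s+rundll32(?:\.exe)?\s+(.+?\.dll)\s*,", re.I)

def entry_key(section, body):
    """Identity of an entry. Entries that carry a CLSID are keyed on it, because
    forum software shortens long URLs (the O16 line in the fix list has '...')."""
    clsid = CLSID_RE.search(body)
    if section in ("O2", "O3", "O16") and clsid:
        return (section, clsid.group(0).lower())
    return (section, " ".join(body.split()).lower())

def parse_log(text):
    """Map entry key -> original line; header and process lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2))] = line.strip()
    return entries

def still_present(fix_list, rescan):
    """Lines from the fix list that the follow-up scan still reports."""
    after = parse_log(rescan)
    return [line for key, line in parse_log(fix_list).items() if key in after]

def addon_dlls(text):
    """Lower-cased file paths registered as BHO (O2) or toolbar (O3)."""
    dlls = set()
    for (section, _), line in parse_log(text).items():
        clsid = CLSID_RE.search(line)
        if section in ("O2", "O3") and clsid:
            # Take what follows the CLSID: paths may contain ' - ' themselves.
            path = line[clsid.end():].lstrip(" -").replace("(file missing)", "")
            dlls.add(path.strip().lower())
    return dlls

def rundll32_autoruns_of_addons(text):
    """(Run value name, DLL) for O4 entries that start an O2/O3 DLL via rundll32."""
    dlls = addon_dlls(text)
    hits = []
    for (section, _), line in parse_log(text).items():
        m = RUNDLL_RE.search(line)
        if section == "O4" and m and m.group(2).lower() in dlls:
            hits.append((m.group(1), m.group(2)))
    return hits

# Excerpt of the first log in the thread.
BEFORE = r"""
O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll
O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb921a60d526a817/netzip/RdxIE601.cab
"""
# Excerpt of the fix list in the reply (note the shortened O16 URL).
FIX_LIST = r"""
O2 - BHO: (no name) - {00000000-0000-0000-8835-3EFF76BF2657} - C:\Windows\System32\kw3eef76.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\Windows\bxxs5.dll
O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\Windows\System32\li01f948.dll
O4 - HKLM\..\Run: [kw3eef76] rundll32.exe C:\Windows\System32\kw3eef76.dll,EnableRunDLL32
O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\Windows\System32\li01f948.dll,EnableRunDLL32
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\Windows\bxxs5.dll,DllRun
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e2eb9...ip/RdxIE601.cab
"""
# Excerpt of the follow-up log.
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""
```

An empty result from `still_present(FIX_LIST, AFTER)` means every listed entry is gone from the follow-up scan.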