HijackThis log - for attention

Discussion in 'adware, spyware & hijack cleaning' started by Tiger_Bay_Warrior, Jul 15, 2004.

Thread Status:
Not open for further replies.
  1. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    Initial scans completed by Adware, Bazooka and Spybot SD (in that order).

    HijackThis log file below.
    Any help appreciated.
    Thanks.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:25:48 AM, on 7/9/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\ezSP_Px.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\WINNT\System32\calc.exe
    C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
    C:\WINNT\System32\wisptis.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\eZula\mmod.exe
    C:\WINNT\msagent\AgentSvr.exe
    D:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
    C:\WINNT\TEMP\Rem152.exe
    C:\Documents and Settings\Edamash\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: Defyboltmode - {7E4D01B4-46A1-8C99-E478-56992B9950D8} - C:\PROGRA~1\SOFTLI~1\logpoke.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe /Station
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [Updater] "C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Cash Help] C:\PROGRA~1\1list\MOVE JOY CLOCK.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\PROGRAM FILES\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
    O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
    O16 - DPF: Yahoo! GSM VoiceMail Player - http://phone.yahoo.com/plugin/ygsmcab.cab
    O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} (QuickBooks Online Edition Utilities Class v6) - https://accounting.quickbooks.com/v10.108/qboax6.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31A59AD6-4D40-4C2C-9EB4-2809CDAE7EA8} (IKANScanCtl.CtlIKANScan) - http://localhost/ikan/IKANScanCtl.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37657.5458564815
    O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    O16 - DPF: {B4D0AC3D-8CA7-4EBC-8F75-C23C6C85BD7B} (IKANScanLiteCtl.CtlIKANScanLite) - http://localhost/ikan/IKANScanLiteCtl.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.142/qboax7.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HOUSTON.IKANSOFTWARE.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HOUSTON.IKANSOFTWARE.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HOUSTON.IKANSOFTWARE.local
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
     
  2. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    No takers on this one?

    Please help..... o_O o_O
     
  3. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    Sorry for the delay.

    Download CWShredder. Click on Update, then close all browsers, and then click on Fix, not Scan.

    Reboot and run HJT again and post a new log here.
     
  4. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    Hi Taz!
    Thanks for replying.

    Ran CWShredder and rebooted.

    New Log.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:47:55 AM, on 7/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\2Wire\2PortalMon.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\ACT\SideACT.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    D:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\Edamash\My Documents\HijackThis.exe
    C:\WINNT\system32\ipconfig.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: Defyboltmode - {7E4D01B4-46A1-8C99-E478-56992B9950D8} - C:\PROGRA~1\SOFTLI~1\fordbeep.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe /Station
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [Updater] "C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [\\Ikanserverhp\EPSON Stylus Photo R200 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P45 "\\Ikanserverhp\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINNT\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: 2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\PROGRAM FILES\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
    O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
    O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
    O16 - DPF: Yahoo! GSM VoiceMail Player - http://phone.yahoo.com/plugin/ygsmcab.cab
    O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} (QuickBooks Online Edition Utilities Class v6) - https://accounting.quickbooks.com/v10.108/qboax6.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31A59AD6-4D40-4C2C-9EB4-2809CDAE7EA8} (IKANScanCtl.CtlIKANScan) - http://localhost/ikan/IKANScanCtl.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37657.5458564815
    O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    O16 - DPF: {B4D0AC3D-8CA7-4EBC-8F75-C23C6C85BD7B} (IKANScanLiteCtl.CtlIKANScanLite) - http://localhost/ikan/IKANScanLiteCtl.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.142/qboax7.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
     
  5. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello,

    Ok, first:

    Please download LSPFix from http://www.cexx.org/lspfix.htm and run the program. Disconnect from the Internet and close all Internet Explorer windows. Check the "I know what I'm doing" button and remove all traces of lspak.dll. Reboot.

    Next, reboot the computer into safe mode.

    Run HijackThis again, check these items, and then click on Fix:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

    Make sure you can view all hidden files and folders. If you don't know how, go to this link: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Find and delete this file:

    C:\Program Files\Common Files\WinTools ...............folder


    Reboot and post a new log here.
     
  6. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    Hi Taz71498.

    New Log.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:42:58 PM, on 7/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\ACT\SideACT.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe /Station
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [Updater] "C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [\\Ikanserverhp\EPSON Stylus Photo R200 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P45 "\\Ikanserverhp\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINNT\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Global Startup: 2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\PROGRAM FILES\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
    O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
    O16 - DPF: Yahoo! GSM VoiceMail Player - http://phone.yahoo.com/plugin/ygsmcab.cab
    O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} (QuickBooks Online Edition Utilities Class v6) - https://accounting.quickbooks.com/v10.108/qboax6.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31A59AD6-4D40-4C2C-9EB4-2809CDAE7EA8} (IKANScanCtl.CtlIKANScan) - http://localhost/ikan/IKANScanCtl.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37657.5458564815
    O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    O16 - DPF: {B4D0AC3D-8CA7-4EBC-8F75-C23C6C85BD7B} (IKANScanLiteCtl.CtlIKANScanLite) - http://localhost/ikan/IKANScanLiteCtl.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.142/qboax7.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2215C820-AE2F-4379-A085-9200B361ABB9}: NameServer = 192.168.0.1,24.28.99.62


    Thanks!
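
The follow-up log above can be checked mechanically against the previous log and the fix list. The script below is an added example, not part of the original thread and not a HijackThis feature: it parses entry lines, compares two logs case-insensitively, and reports fix-list items that are still present. The function names are hypothetical, and the sample logs are short excerpts constructed from lines posted in this thread.

```python
import re
from collections import Counter

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; header and
# "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*?)\s*$")


def parse_entries(log_text):
    """Return a Counter of (section code, normalized body) for each entry line.

    Bodies are whitespace-collapsed and case-folded because Windows paths and
    registry names are case-insensitive. A Counter keeps repeated lines such
    as the four identical O10 entries in the second log.
    """
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries[(code, " ".join(body.split()).casefold())] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) Counters between two HijackThis logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return before - after, after - before


def still_present(fix_list_text, after_text):
    """Entries that were selected for fixing but still appear afterwards."""
    after = parse_entries(after_text)
    return sorted(k for k in parse_entries(fix_list_text) if k in after)


# Constructed excerpts: a few lines taken from the logs posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\Program Files\Common Files\WinTools\WToolsA.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for (code, body), count in sorted(removed.items()):
        print(f"removed x{count}: {code} - {body}")
    for (code, body), count in sorted(added.items()):
        print(f"added   x{count}: {code} - {body}")
    leftovers = still_present(FIX_LIST, AFTER_LOG)
    print("fix-list entries still present:", leftovers or "none")
```

Entries reported as added, such as the O6 and LinksFolderName lines here, are worth a second look by the helper before the thread is closed.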
     
  7. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
  8. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    Ok, done that and all looks clear. No problems reported.
     
  9. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
  10. Tiger_Bay_Warrior

    Tiger_Bay_Warrior Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    6
    Thanks Taz71498!
     
  11. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    You're very welcome!! Glad we could help.
     