10.4K Posts

October 30th, 2006 00:00

skelley23
 
What antivirus program are you running and what other protection devices are you running?
 
bamajim   Graduate of Malware Removal University

16 Posts

October 31st, 2006 13:00

I have already updated to SP2.  Any ideas?  I have already tried to run HiJack This and cannot even get to a screen with a scan button.  All I get is an empty folder created, and a shortcut that I can't open.

16 Posts

October 31st, 2006 13:00

I was told to run Ad Aware SE occasionally and my company loaded some anti-virus software on the laptop.  I'm not sure what it is, but it's not something I recognize like Norton, McAfee, etc.  I recently ran the Ad Aware and quarantined everything it listed.  I also updated my Windows Packet to service pack 2.  I later read another discussion where it recommended updating an earlier service pack before service pack 2.  I hope this information helps.  I can leave more detailed information when I am working on the laptop, if I can ever get online with it again.  It took six tries last time, before I could get through the registry problems.
 
Thanks

10.4K Posts

October 31st, 2006 13:00

skelley23
 
If you have SP1 (service pack 1) and your PC is infected, I do not recommend that you try to install SP2; it will make it very difficult to remove the infection if you overlay it.
 
I am adding the information about downloading and running Hijackthis:
 
Go Here And download HijackThis

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents.
 
Information about creating the folder


Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C:
then right click and select New then Folder and name it HJT.

If you are unable to connect to the internet with the problem PC, then download it to a working PC and transfer it to the problem PC by way of CD or USB key. Once the log file is generated, transfer it (the .txt log) back to the working PC and upload it as a reply to this thread. There is no danger of cross infection using the process outlined above.
 
bamajim   Graduate of Malware Removal University

10.4K Posts

October 31st, 2006 14:00


skelley23

Go HERE and download VCleaner
Save it to your desktop
Boot into Safe Mode and Run the tool.
Then report back with what it finds and if you are able to run Hijackthis

bamajim   Graduate of Malware Removal University
 


16 Posts

November 11th, 2006 23:00

I tried to run the VCleaner on Safe Mode, but I cannot start because it is a different password and I don't have administrator access.  So I ran it straight from opening it and it said there were 70 processes running, but didn't find any viruses.  I still cannot run HiJackThis.  Not sure what to do other than drink, because I don't have the patience for this.  The computer is winning.  I will try any other ideas you might have.  Thanks.

16 Posts

November 12th, 2006 00:00

I downloaded HiJackThis again, and it opened and I ran a scan.  Here it is:
 
Logfile of HijackThis v1.99.1
Scan saved at 7:49:55 PM, on 11/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Network ICE\BlackICE\RapApp.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\Program Files\Network ICE\BlackICE\vpatch.exe
C:\WINDOWS\UMCSTUB.EXE
C:\TNGSD\BIN\TRIGGAG.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Scripts\Launcher.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\mmputt.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\windows\system32\oodsrego.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\WINDOWS\System32\owinppem.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\9803232\Start Menu\Programs\Startup\nsnotify.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony Handheld\palm.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DelCache] C:\Scripts\DELCACHE.EXE
O4 - HKLM\..\Run: [TermEvent] C:\Windows\system32\TermEvt.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CA-AMAgent] C:\TNGAM\AGENT\amagent.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [DellReports] C:\SCRIPTS\delrpt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AXA_Connect] C:\Scripts\Launcher.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Java Stabilization] C:\SCRIPTS\JavaCheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\startupmon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [mmcrat06] C:\WINDOWS\mmputt.exe
O4 - HKLM\..\Run: [{12-2F-F7-76-ZN}] C:\windows\system32\oodsrego.exe ELT001
O4 - HKLM\..\Run: [win3210-660525194] C:\WINDOWS\win3210-660525194.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinppem.exe ELT001
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Piro] C:\Documents and Settings\9803232\Application Data\arsp.exe
O4 - HKCU\..\Run: [Dylxhnet] C:\WINDOWS\System32\arpa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: nsnotify.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinppem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AxaLicense.lnk = C:\Scripts\AxaLicense.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: http://edox.axa-advisors.com
O15 - Trusted Zone: http://www.axadistributors.com
O15 - Trusted Zone: http://alerts.axaonline.com
O15 - Trusted Zone: http://preprod.axaonline.com
O15 - Trusted Zone: http://snwtiwp1.axaonline.com
O15 - Trusted Zone: http://test.axaonline.com
O15 - Trusted Zone: http://wtiwebopt.axaonline.com
O15 - Trusted Zone: http://www.axaonline.com
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: csessbi1.equitable.com
O15 - Trusted Zone: http://csessbi1.equitable.com
O15 - Trusted Zone: http://edox.equitable.com
O15 - Trusted Zone: mpgint.equitable.com
O15 - Trusted Zone: http://mpgpln.equitable.com
O15 - Trusted Zone: mpgtrn.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://axa.financialcampus.com
O15 - Trusted Zone: http://axa-advisors.financialcampus.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: w4.iscorp.com
O15 - Trusted Zone: http://w4.iscorp.com
O15 - Trusted Zone: http://www.macnamee.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: http://apps.mony.com
O15 - Trusted Zone: http://advtools.morningstar.com
O15 - Trusted Zone: http://apps.questerra.com
O15 - Trusted Zone: http://www.questerra.com
O15 - Trusted Zone: http://www.seagullsw.com
O15 - Trusted Zone: http://www.smartmoney.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: http://*.snj1afsap33
O15 - Trusted Zone: http://*.sny1afsapdev18
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: www.visualwebcaster.com
O15 - Trusted Zone: http://www.visualwebcaster.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: http://edox.axa-advisors.com (HKLM)
O15 - Trusted Zone: http://preprod.axaonline.com (HKLM)
O15 - Trusted Zone: http://snwtiwp1.axaonline.com (HKLM)
O15 - Trusted Zone: http://test.axaonline.com (HKLM)
O15 - Trusted Zone: http://wtiwebopt.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.comcast.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://edox.equitable.com (HKLM)
O15 - Trusted Zone: mpgint.equitable.com (HKLM)
O15 - Trusted Zone: http://mpgpln.equitable.com (HKLM)
O15 - Trusted Zone: mpgtrn.equitable.com (HKLM)
O15 - Trusted Zone: http://axa.financialcampus.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://www.macnamee.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://advtools.morningstar.com (HKLM)
O15 - Trusted Zone: http://apps.questerra.com (HKLM)
O15 - Trusted Zone: http://www.questerra.com (HKLM)
O15 - Trusted Zone: http://www.smartmoney.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33 (HKLM)
O15 - Trusted Zone: http://*.sny1afsapdev18 (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted IP range: http://141.191.182.8
>Break

16 Posts

November 12th, 2006 00:00

Log Continued:
 
O16 - DPF: {17898480-17DF-4E0A-8248-B2A6E647B245} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14705/applets/SiebelOptionPack.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3B74F448-B418-40E7-AB9A-1DCCC344B09C} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14703/applets/SiebelOptionPack.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
O16 - DPF: {44260C54-2BC1-4E3B-B312-3F0277544C8D} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14308/applets/SiebelOptionPack.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a4a7428a0aeb93d923/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161988686168
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161988663595
O16 - DPF: {7A4907E8-E06E-4008-BB9F-48980D9D9A75} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14701/applets/SiebelOptionPack.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://57.69.22.141/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DBFF771D-3F92-4C70-9978-508738536F38} (CSConn Class) - https://wtiwebopt.axaonline.com/fins/14308/applets/csagent.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\Software\..\Telephony: DomainName = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDSERV.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
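
Added example (not part of any post in this thread, and not HijackThis code): a small Python triage pass over a pasted HijackThis log like the one above. The function names and the two review heuristics are this example's own assumptions; the sample is an excerpt of lines from the log posted above, including the forum text that split it.

```python
import re
from collections import Counter

# Excerpt of lines from the log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:49:55 PM, on 11/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: nsnotify.exe
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33
>Break
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R0 - ..."
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+?)( \(HKLM\))?$")
# Command starts with a drive path, a UNC path or an environment variable.
ANCHORED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%\w+%)')


def parse_log(text):
    """Split a pasted log into header lines, running processes and
    (section code, body) entries; stray forum text lands in 'unparsed'."""
    parsed = {"header": [], "processes": [], "entries": [], "unparsed": []}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            state = "entries"
            parsed["entries"].append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            state = "processes"
        elif state == "entries":
            parsed["unparsed"].append(line)  # e.g. text typed between log halves
        else:
            parsed[state].append(line)
    return parsed


def section_counts(parsed):
    """Number of entries per section code (R0, O4, O15, ...)."""
    return Counter(code for code, _ in parsed["entries"])


def unanchored_run_entries(parsed):
    """Run-key values whose command is not an absolute path. Windows resolves
    these through its search path, so the file that actually loads has to be
    located by hand. This is a prompt for review, not a verdict."""
    hits = []
    for code, body in parsed["entries"]:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and not ANCHORED_RE.match(m.group(4)):
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits


def wildcard_trusted_zones(parsed):
    """Wildcard Trusted Zone hosts mapped to the hives that list them.
    Lines without the (HKLM) suffix are taken to be the current user's."""
    zones = {}
    for code, body in parsed["entries"]:
        m = ZONE_RE.match(body) if code == "O15" else None
        if m and "*" in m.group(1):
            hive = "HKLM" if m.group(2) else "HKCU"
            zones.setdefault(m.group(1), set()).add(hive)
    return {host: sorted(hives) for host, hives in zones.items()}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(log)))
    for hive, name, cmd in unanchored_run_entries(log):
        print(f"check load path: {hive} Run [{name}] {cmd}")
    for host, hives in wildcard_trusted_zones(log).items():
        print(f"wildcard trusted zone: {host} in {', '.join(hives)}")
```

Both lists only narrow down what to inspect: the intranet-style wildcard host and the unqualified `triggusr.exe` show that a flagged line still needs to be matched against software known to be installed.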

10.4K Posts

November 12th, 2006 22:00

skelley23

Good job

First Open the Hijackthis folder->>Locate Hijackthis.exe->>Rt Click and Select Rename->>Rename it H.exe.

Then rerun H.exe (formerly Hijackthis) and repost your log. Also, post the uninstall list using the instructions below.

Next Re Run Hijackthis (H.exe)
  • At the Main window select "Open the misc tool section"
  • Then select "Open uninstall manager"
  • Then "save list" and save it to your desktop
Copy and paste that list as a reply to this thread.
 
Your reply should include
a fresh H (hijackthis) log
your uninstall_list
 
bamajim   Graduate of Malware Removal University




16 Posts

November 14th, 2006 21:00

Logfile of HijackThis v1.99.1
Scan saved at 5:47:59 PM, on 11/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Network ICE\BlackICE\RapApp.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\Program Files\Network ICE\BlackICE\vpatch.exe
C:\WINDOWS\UMCSTUB.EXE
C:\TNGSD\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Scripts\Launcher.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\mmputt.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\windows\system32\oodsrego.exe
C:\WINDOWS\System32\owinppem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\9803232\Start Menu\Programs\Startup\nsnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe
C:\H.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DelCache] C:\Scripts\DELCACHE.EXE
O4 - HKLM\..\Run: [TermEvent] C:\Windows\system32\TermEvt.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CA-AMAgent] C:\TNGAM\AGENT\amagent.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [DellReports] C:\SCRIPTS\delrpt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AXA_Connect] C:\Scripts\Launcher.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Java Stabilization] C:\SCRIPTS\JavaCheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\startupmon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [mmcrat06] C:\WINDOWS\mmputt.exe
O4 - HKLM\..\Run: [{12-2F-F7-76-ZN}] C:\windows\system32\oodsrego.exe ELT001
O4 - HKLM\..\Run: [win3210-660525194] C:\WINDOWS\win3210-660525194.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinppem.exe ELT001
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Piro] C:\Documents and Settings\9803232\Application Data\arsp.exe
O4 - HKCU\..\Run: [Dylxhnet] C:\WINDOWS\System32\arpa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: nsnotify.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinppem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AxaLicense.lnk = C:\Scripts\AxaLicense.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: http://edox.axa-advisors.com
O15 - Trusted Zone: http://www.axadistributors.com
O15 - Trusted Zone: http://alerts.axaonline.com
O15 - Trusted Zone: http://preprod.axaonline.com
O15 - Trusted Zone: http://snwtiwp1.axaonline.com
O15 - Trusted Zone: http://test.axaonline.com
O15 - Trusted Zone: http://wtiwebopt.axaonline.com
O15 - Trusted Zone: http://www.axaonline.com
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: csessbi1.equitable.com
O15 - Trusted Zone: http://csessbi1.equitable.com
O15 - Trusted Zone: http://edox.equitable.com
O15 - Trusted Zone: mpgint.equitable.com
O15 - Trusted Zone: http://mpgpln.equitable.com
O15 - Trusted Zone: mpgtrn.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://axa.financialcampus.com
O15 - Trusted Zone: http://axa-advisors.financialcampus.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: w4.iscorp.com
O15 - Trusted Zone: http://w4.iscorp.com
O15 - Trusted Zone: http://www.macnamee.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: http://apps.mony.com
O15 - Trusted Zone: http://advtools.morningstar.com
O15 - Trusted Zone: http://apps.questerra.com
O15 - Trusted Zone: http://www.questerra.com
O15 - Trusted Zone: http://www.seagullsw.com
O15 - Trusted Zone: http://www.smartmoney.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: http://*.snj1afsap33
O15 - Trusted Zone: http://*.sny1afsapdev18
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: www.visualwebcaster.com
O15 - Trusted Zone: http://www.visualwebcaster.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: http://edox.axa-advisors.com (HKLM)
O15 - Trusted Zone: http://preprod.axaonline.com (HKLM)
O15 - Trusted Zone: http://snwtiwp1.axaonline.com (HKLM)
O15 - Trusted Zone: http://test.axaonline.com (HKLM)
O15 - Trusted Zone: http://wtiwebopt.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.comcast.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://edox.equitable.com (HKLM)
O15 - Trusted Zone: mpgint.equitable.com (HKLM)
O15 - Trusted Zone: http://mpgpln.equitable.com (HKLM)
O15 - Trusted Zone: mpgtrn.equitable.com (HKLM)
O15 - Trusted Zone: http://axa.financialcampus.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://www.macnamee.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://advtools.morningstar.com (HKLM)
O15 - Trusted Zone: http://apps.questerra.com (HKLM)
O15 - Trusted Zone: http://www.questerra.com (HKLM)
O15 - Trusted Zone: http://www.smartmoney.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33 (HKLM)
O15 - Trusted Zone: http://*.sny1afsapdev18 (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted IP range: http://141.191.182.8

16 Posts

November 14th, 2006 21:00

O16 - DPF: {17898480-17DF-4E0A-8248-B2A6E647B245} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14705/applets/SiebelOptionPack.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3B74F448-B418-40E7-AB9A-1DCCC344B09C} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14703/applets/SiebelOptionPack.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
O16 - DPF: {44260C54-2BC1-4E3B-B312-3F0277544C8D} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14308/applets/SiebelOptionPack.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a4a7428a0aeb93d923/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161988686168
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161988663595
O16 - DPF: {7A4907E8-E06E-4008-BB9F-48980D9D9A75} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14701/applets/SiebelOptionPack.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://57.69.22.141/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DBFF771D-3F92-4C70-9978-508738536F38} (CSConn Class) - https://wtiwebopt.axaonline.com/fins/14308/applets/csagent.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\Software\..\Telephony: DomainName = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDSERV.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

16 Posts

November 14th, 2006 22:00

I need help to include my uninstall_list.  When I click "save list", it does not give me an option to save it to my desktop, and HiJackThis automatically closes.  I'm not sure where the list is, so I can copy and paste it.  I can only view it before I hit "save list" and in the control panel under the add/remove programs.

10.4K Posts

November 14th, 2006 23:00

skelley23

Let's skip the uninstall list for right now; we will come back to that.

In my previous post I needed you to rename the file Hijackthis.exe to H.exe.

What you did was rename the folder. So open the folder, locate the file Hijackthis.exe, rename it to H.exe, and then rerun and repost your log.

Thanks
 
bamajim   Graduate of Malware Removal University


16 Posts

January 27th, 2007 13:00

O16 - DPF: {17898480-17DF-4E0A-8248-B2A6E647B245} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14705/applets/SiebelOptionPack.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3B74F448-B418-40E7-AB9A-1DCCC344B09C} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14703/applets/SiebelOptionPack.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3138302D2D2D.exe
O16 - DPF: {44260C54-2BC1-4E3B-B312-3F0277544C8D} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14308/applets/SiebelOptionPack.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a4a7428a0aeb93d923/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161988686168
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161988663595
O16 - DPF: {7A4907E8-E06E-4008-BB9F-48980D9D9A75} (Siebel Option Pack for IE 7.0.5) - https://wtiwebopt.axaonline.com/fins/14701/applets/SiebelOptionPack.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://57.69.22.141/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DBFF771D-3F92-4C70-9978-508738536F38} (CSConn Class) - https://wtiwebopt.axaonline.com/fins/14308/applets/csagent.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\Software\..\Telephony: DomainName = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axa-advisors.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = equitable.com,axa-advisors.axa-financial.intraxa,axa-advisors.com,axa-financial.com,axa-na.com,elas.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,axa-financial.intraxa
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\PROGRA~1\NETEXC~1.0\FlowHook.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE28-738B1E346F99} - C:\Program Files\Exolon\Exolon.dll
O20 - Winlogon Notify: accdns - C:\WINDOWS\addins\accdns.dll
O20 - Winlogon Notify: basanti - C:\WINDOWS\system\basanti.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDSERV.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 

16 Posts

January 27th, 2007 13:00

Let's see if we can get back on track.
 
Logfile of HijackThis v1.99.1
Scan saved at 9:41:39 AM, on 1/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Network ICE\BlackICE\RapApp.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\TNGSD\BIN\SDSERV.EXE
C:\Program Files\Network ICE\BlackICE\vpatch.exe
C:\WINDOWS\UMCSTUB.EXE
C:\TNGSD\BIN\TRIGGAG.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Scripts\Launcher.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\mmputt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\oodsrego.exe
C:\WINDOWS\System32\owinppeb.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\CMIntex\CMIntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\9803232\Start Menu\Programs\Startup\nsnotify.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe
C:\Program Files\Exolon\Exolon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony Handheld\palm.exe
C:\PROGRA~1\COMMON~1\Logitech\WebColct\WebColct.exe
C:\H.exe\H.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AssistantLibrary - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\System32\aewauxot.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA43AA} - C:\Program Files\AdSponsor\AdSponsor.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\System32\okeuuhhb.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SDWin32 Class - {D99AC8C5-9F9B-450C-BD3C-5EAF0D0D60D6} - C:\WINDOWS\System32\trkfj.dll (file missing)
O2 - BHO: (no name) - {E23BD12E-6ECE-353C-C8A0-378192C35FC2} - C:\WINDOWS\System32\mlteaeuo.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DelCache] C:\Scripts\DELCACHE.EXE
O4 - HKLM\..\Run: [TermEvent] C:\Windows\system32\TermEvt.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CA-AMAgent] C:\TNGAM\AGENT\amagent.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [DellReports] C:\SCRIPTS\delrpt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AXA_Connect] C:\Scripts\Launcher.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Java Stabilization] C:\SCRIPTS\JavaCheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cmonitor] C:\Program Files\SystemDoctor 2006 Free\startupmon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [mmcrat06] C:\WINDOWS\mmputt.exe
O4 - HKLM\..\Run: [{12-2F-F7-76-ZN}] C:\windows\system32\oodsrego.exe ELT001
O4 - HKLM\..\Run: [win3210-660525194] C:\WINDOWS\win3210-660525194.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinppeb.exe ELT001
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\hjqfpbpt.dll",setvm
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Piro] C:\Documents and Settings\9803232\Application Data\arsp.exe
O4 - HKCU\..\Run: [Dylxhnet] C:\WINDOWS\System32\arpa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CMIntex] "C:\Program Files\CMIntex\CMIntex.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: nsnotify.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinppeb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AxaLicense.lnk = C:\Scripts\AxaLicense.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O10 - Unknown file in Winsock LSP: c:\program files\network ice\blackice\ibe\icelsp_8.0.614.0.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: http://edox.axa-advisors.com
O15 - Trusted Zone: http://www.axadistributors.com
O15 - Trusted Zone: http://alerts.axaonline.com
O15 - Trusted Zone: http://preprod.axaonline.com
O15 - Trusted Zone: http://snwtiwp1.axaonline.com
O15 - Trusted Zone: http://test.axaonline.com
O15 - Trusted Zone: http://wtiwebopt.axaonline.com
O15 - Trusted Zone: http://www.axaonline.com
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: csessbi1.equitable.com
O15 - Trusted Zone: http://csessbi1.equitable.com
O15 - Trusted Zone: http://edox.equitable.com
O15 - Trusted Zone: mpgint.equitable.com
O15 - Trusted Zone: http://mpgpln.equitable.com
O15 - Trusted Zone: mpgtrn.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://axa.financialcampus.com
O15 - Trusted Zone: http://axa-advisors.financialcampus.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: w4.iscorp.com
O15 - Trusted Zone: http://w4.iscorp.com
O15 - Trusted Zone: http://www.macnamee.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: http://apps.mony.com
O15 - Trusted Zone: http://advtools.morningstar.com
O15 - Trusted Zone: http://apps.questerra.com
O15 - Trusted Zone: http://www.questerra.com
O15 - Trusted Zone: http://www.seagullsw.com
O15 - Trusted Zone: http://www.smartmoney.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: http://*.snj1afsap33
O15 - Trusted Zone: http://*.sny1afsapdev18
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: www.visualwebcaster.com
O15 - Trusted Zone: http://www.visualwebcaster.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: http://edox.axa-advisors.com (HKLM)
O15 - Trusted Zone: http://preprod.axaonline.com (HKLM)
O15 - Trusted Zone: http://snwtiwp1.axaonline.com (HKLM)
O15 - Trusted Zone: http://test.axaonline.com (HKLM)
O15 - Trusted Zone: http://wtiwebopt.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.comcast.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: http://edox.equitable.com (HKLM)
O15 - Trusted Zone: mpgint.equitable.com (HKLM)
O15 - Trusted Zone: http://mpgpln.equitable.com (HKLM)
O15 - Trusted Zone: mpgtrn.equitable.com (HKLM)
O15 - Trusted Zone: http://axa.financialcampus.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://www.macnamee.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://advtools.morningstar.com (HKLM)
O15 - Trusted Zone: http://apps.questerra.com (HKLM)
O15 - Trusted Zone: http://www.questerra.com (HKLM)
O15 - Trusted Zone: http://www.smartmoney.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33 (HKLM)
O15 - Trusted Zone: http://*.sny1afsapdev18 (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted IP range: http://141.191.182.8