Options
HiJackThis Log - itsme
I am having trouble to remove this too. Please help.
Here is my HJK log.
Logfile of HijackThis v1.97.7
Scan saved at 1:51:24 PM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\etlisrv.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINDOWS\Explorer.EXE
i:\ww3\dllshare\$waitxpchk.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MailFrontier\mlfbuddy.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\WordWeb\wweb32.exe
C:\highjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best.omega-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WesInfo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://best.omega-search.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
O4 - HKCU\..\Run: [olehelp] C:\Program Files\Common Files\svchost.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://wesinfo
O16 - DPF: {AA5B5051-C63B-4958-9DB2-D9B0BF1AF6AA} (Wsinfo Control) - http://boadev.westat.com/Survey/wsinfo.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westat.com
O17 - HKLM\Software\..\Telephony: DomainName = westat.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westat.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westat.com
Here is my HJK log.
Logfile of HijackThis v1.97.7
Scan saved at 1:51:24 PM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\etlisrv.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINDOWS\Explorer.EXE
i:\ww3\dllshare\$waitxpchk.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MailFrontier\mlfbuddy.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\WordWeb\wweb32.exe
C:\highjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best.omega-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best.omega-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WesInfo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best.omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://best.omega-search.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
O4 - HKCU\..\Run: [olehelp] C:\Program Files\Common Files\svchost.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://wesinfo
O16 - DPF: {AA5B5051-C63B-4958-9DB2-D9B0BF1AF6AA} (Wsinfo Control) - http://boadev.westat.com/Survey/wsinfo.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westat.com
O17 - HKLM\Software\..\Telephony: DomainName = westat.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westat.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westat.com
0
Comments
Dexter...