spyware problem - twoc

hi, please help!

i've run adaware and spybot as per your instructions. my computer is very slow and i'm having trouble running most programs. it doesn't seem to matter whether i'm connected to the internet or not. any help you can provide is much appreciated!

thanks in advance!!
twoc

Logfile of HijackThis v1.99.1
Scan saved at 10:28:50 PM, on 03/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
E:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\System32\RUNDLL32.EXE
E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\MXOALDR.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
E:\program files\cwshredder\SpySub.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\System32\wuauclt.exe
E:\program files\firefox\firefox.exe
E:\program files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.simplysoap.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MaxtorOneTouch] E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: NetAssistant.lnk.disabled
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Update Agent.lnk.disabled
O4 - Global Startup: SpySubtract.lnk = E:\program files\cwshredder\SpySub.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Comments

  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R3 - URLSearchHook: HyperSearchHook - {C69D0BFE-3584-447B-BB42-ADADECD323C0} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
    O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll


    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    C:\WINNT\webdir.dll


    Reboot your computer to go back to normal mode and post a new log. Let me know if you notice any improvement.
  • edited May 2005
    thanks Buckeye_Sam!

    my pc goes to 100% cpu when i connect to the internet. the rest of the time it seems pretty normal.

    here's my new log. THANKS for all the help.
    twoc


    Logfile of HijackThis v1.99.1
    Scan saved at 1:01:15 PM, on 05/05/2005
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    E:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\System32\RUNDLL32.EXE
    E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINNT\MXOALDR.EXE
    C:\Program Files\Apoint\Apntex.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\DvzCommon\DvzMsgr.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    E:\program files\cwshredder\SpySub.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\WINNT\System32\wuauclt.exe
    E:\program files\hijack this\HijackThis.exe
    E:\program files\firefox\firefox.exe
    C:\WINNT\System32\taskmgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.simplysoap.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
    O2 - BHO: (no name) - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MaxtorOneTouch] E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\avast\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: NetAssistant.lnk.disabled
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk.disabled
    O4 - Global Startup: SpySubtract.lnk = E:\program files\cwshredder\SpySub.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    Make sure you disable Spybot's TeaTimer before proceeding with the HijackThis fix.

    Fix these lines with HijackThis.

    O2 - BHO: (no name) - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - (no file)
    O2 - BHO: (no name) - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)



    Do you still have Avast antivirus installed? If not, you can fix this line with HijackThis.

    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\avast\ashDisp.exe


    Unless you set these restrictions up with Spybot or an administrator set these up for your computer, you can fix these lines.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present



    Are you running this computer as a server?
  • edited May 2005
    Hi Buckeye_Sam,

    I did what you suggested. Yes, I am using this as a development server.

    Seems it is only Firefox that was causing the slowdown. IE, Netscape didn't have any problems. Turns out there is a Firefox/ZA conflict so I killed and reinstalled ZA. Everything seems to be smooth now.

    My HJT log is below. Does it look clean?

    thanks for all your help. it was very much appreciated!!
    twoc!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:57:53 AM, on 06/05/2005
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    E:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\System32\RUNDLL32.EXE
    C:\Program Files\Apoint\Apntex.exe
    E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\WINNT\MXOALDR.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\DvzCommon\DvzMsgr.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    E:\program files\cwshredder\SpySub.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\Pixelbt32.exe
    E:\program files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.simplysoap.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MaxtorOneTouch] E:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WINNTPixelbt32] C:\WINNT\Pixelbt32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: NetAssistant.lnk.disabled
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk.disabled
    O4 - Global Startup: SpySubtract.lnk = E:\program files\cwshredder\SpySub.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Bell\ACCESS~1\app\pppoeservice.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - E:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
  • Buckeye_Sam Columbus, Ohio
    edited May 2005
    I'm concerned about this line. It wasn't in your first two logs, but shows up in your most recent log.

    O4 - HKLM\..\Run: [WINNTPixelbt32] C:\WINNT\Pixelbt32.exe


    Do you know what this is?
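
The comparison made by eye in the last reply (an entry that was not in the first two logs but shows up in the most recent one) can be done mechanically by diffing the entry lines of successive HijackThis logs. This is an added example, not part of the original thread; the function names are hypothetical and the sample logs are abridged from the three logs posted above.

```python
import re

# Entry lines start with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O23)
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# Abridged from the three logs posted in this thread (entry lines only).
LOG_1 = r"""
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINNT\webdir.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""
LOG_2 = r"""
O2 - BHO: (no name) - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\avast\ashDisp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""
LOG_3 = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WINNTPixelbt32] C:\WINNT\Pixelbt32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""


def parse_entries(log_text):
    """Map a case-folded (code, text) key to the original entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, text = m.groups()
            # Windows paths are case-insensitive (e:\ vs E:\), so fold case
            entries.setdefault((code, text.casefold()), line.strip())
    return entries


def new_entries(earlier_logs, latest_log):
    """Entries in the latest log that appear in none of the earlier logs."""
    seen = set()
    for log in earlier_logs:
        seen.update(parse_entries(log))
    latest = parse_entries(latest_log)  # dict keeps the log's own order
    return [line for key, line in latest.items() if key not in seen]


def removed_entries(earlier_log, latest_log):
    """Entries present in the earlier log but gone from the latest one."""
    latest = parse_entries(latest_log)
    return [ln for k, ln in parse_entries(earlier_log).items() if k not in latest]


if __name__ == "__main__":
    print("New since the first two logs:")
    for line in new_entries([LOG_1, LOG_2], LOG_3):
        print("  " + line)
    print("Gone since the second log:")
    for line in removed_entries(LOG_2, LOG_3):
        print("  " + line)
```

An entry whose text changes shows up as both removed and new: the vsmon service line is reported because its vendor string went from "Zone Labs Inc." to "Zone Labs LLC" after the ZoneAlarm reinstall. A diff only says what changed, so each new line still has to be accounted for by something the user installed or changed.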