HijackThis Log File needing to be Dissected. Multiple Virus problems With Firewall and NAT enabled.

Posted on 2004-04-09
Last Modified: 2010-04-11
As you can see by the below log I am running this particular PC on a LAN.  My WAN and LAN are running off of 2 different NICs inside the WIN 03 Server Box. The Server is the DHCP.  I have a T1 line that is NAT enabled with zero pinholes.  Nothing has been found at the server level..YET

I found this link in the log:  http / /   www2.flingstone.   c o m /   {don't go to the link, it tries to install crap on your PC}
and removed it.  My VirusScan ASaP from McAfee has found 4 of the following.  Does anyone see any other weird things? Thanks in advance.

Local Settings\Temporary Internet Files\Content.IE5\896H0N63\bridge[1].exe   Downloader-ER   4/2/2004 8:16:51 PM   Deleted
Local Settings\Temp\bridge.exe                                               Downloader-ER   4/2/2004 8:16:52 PM   Deleted
C:\WINDOWS\Downloaded Program Files\bridge.dll                               Keylog-Briss    4/7/2004 4:18:07 PM   Deleted
C:\RECYCLER\S-1-5-21-725345543-2139871995-682003330-1006\Dc2.htm             HTML/Ebscam     4/7/2004 4:49:32 PM   Deleted

Logfile of HijackThis v1.97.7
Scan saved at 9:03:58 PM, on 4/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\myCIO\Agent\myagttry.exe    <-- Not sure!
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [ Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) -
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbs2003/connectcomputer/nshelp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -,0,0,81/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://sbs2003/Remote/
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -,0,0,19/
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WebPublishing.local
O17 - HKLM\Software\..\Telephony: DomainName = WebPublishing.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WebPublishing.local
Question by: wildewebpublishing

Expert Comment

ID: 10795715
Hi wildewebpublishing,

[myagttry.exe] =System tray notification for McAfee VirusScan ASaP on-line scanner.
CompanyName : Network Associates, Inc.
FileDescription : myAgtTry Module
InternalName : myAgtTry
OriginalFilename : myAgtTry.exe

Thus nothing to worry about.

I can't see anything strange, but I think the best thing you can do is download the programs below and run them in this order:

i: make sure you have the latest updates for the tools below and for your antivirus program

ii: Ad-aware - spyware/adware removal tool


Once the above is done:
1. Click Start, and then right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check Turn off System Restore.
5. Click Apply, and then click OK.
6. Restart the computer.
7. Repeat steps 1 through 6, except in step 4, uncheck Turn Off System Restore.

iii: install a firewall if you don't have one (forget about WinXP's internal one :) ).

This way you get rid of any spyware and other annoyances.
Make sure your Windows has the latest updates to close all your security holes.

good luck


Author Comment

ID: 10795743
Thanks. I should have been a little more detailed on what I have already done.

Did and do Ad-aware and Spybot.

Did disable System Restore.

I have an external hardware firewall.

Have Internal Firewall

After the original post I noticed I missed this one string:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll  - Possibly an Adobe key, but I doubt it at this point.  I deleted it and rebooted.  I'm here to tell about it, so I guess it was OK.

I am still puzzled where they are coming from...


I will wait to see if anyone else has ideas before I close.

Accepted Solution

rossfingal earned 500 total points
ID: 10815446

Took a quick look and did not find anything that jumps out as being bad.
myagttry.exe is part of McAfee.
I would check System Restore files, temp files, etc. for anything related to bridge.dll, or anything else suspicious.
Also, download and run CWShredder:

Good luck!
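As an added example (not code from the question or from any of the answers above), here is a small Python triage script for the two HijackThis line types the thread examines by hand: O4 autorun entries and O16 DPF (downloaded ActiveX) entries. It flags autoruns that execute from a temp, browser-cache or recycle-bin directory (where McAfee found bridge.exe and Dc2.htm), Run value names with stray whitespace (like the "[ ASaP]" entry the poster was unsure about), and DPF controls whose source URL is missing from the log or points to a host outside the LAN. The sample lines are partly copied from the log above; the [bridge] Run entry, the directory list, the severity labels and the "single-label hostname means intranet" rule are assumptions made for this example.

```python
"""Triage helper for HijackThis-style log lines (O4 autoruns and O16 DPF entries)."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Constructed sample in HijackThis 1.97 format. The ASaP, IntelliPoint, ctfmon
# and O16 lines are copied from the question's log; the [bridge] line is made
# up here to show what a Run entry pointing at %TEMP% (where McAfee found
# bridge.exe) would look like. It is not from the original log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bridge] C:\DOCUME~1\user\LOCALS~1\Temp\bridge.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbs2003/connectcomputer/nshelp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -,0,0,81/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
"""

# "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# "O16 - DPF: {CLSID} (Description) - URL"; description and URL are optional
# because HijackThis leaves them blank when the codebase is unknown.
O16_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}"
    r"(?: \((?P<desc>.*?)\)(?=\s-))?\s-\s*(?P<url>.*)$"
)

# Assumed list of locations a legitimate autorun should never live in: the IE
# cache, %TEMP% and the recycle bin are where drive-by downloaders drop files.
VOLATILE_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


@dataclass
class Finding:
    line: str
    severity: str  # "suspicious" or "review" (labels chosen for this example)
    reason: str


def is_intranet_host(url: str) -> bool:
    """Assumption: a single-label hostname (e.g. http://sbs2003/) only resolves on the LAN."""
    host = urlsplit(url).hostname or ""
    return host != "" and "." not in host


def analyze(log_text: str) -> List[Finding]:
    """Parse O4/O16 lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if name != name.strip():
                findings.append(Finding(line, "review",
                    f"Run value name {name!r} has leading/trailing whitespace; confirm which product registered it"))
            if any(d in cmd.lower() for d in VOLATILE_DIRS):
                findings.append(Finding(line, "suspicious",
                    "autorun executes from a temp, cache or recycle-bin directory"))
            continue
        m = O16_RE.match(line)
        if m:
            url = m.group("url").strip()
            if not url.lower().startswith(("http://", "https://")):
                findings.append(Finding(line, "review",
                    f"DPF entry records no source URL ({url or 'empty'}); the control's origin cannot be checked from the log"))
            elif not is_intranet_host(url):
                findings.append(Finding(line, "review",
                    f"ActiveX control was installed from external host {urlsplit(url).hostname}"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a log can be triaged at a glance."""
    counts = {"suspicious": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:10}] {f.reason}\n    {f.line}")
    print(summarize(results))
```

On the sample this reports the constructed [bridge] entry as suspicious and three items for review (the " ASaP" value name and the two DPF entries with no usable URL), while the NSHelp control served from the intranet host sbs2003 is left alone. The point is not that a flagged line is malware; as the experts note, " ASaP" is McAfee's own agent. It is that a script makes the "where does this run from and where did it come from" questions repeatable across many logs.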
