Matthewerb
asked on
My computer has been hijacked by spyware and none of the automated removers can help!
Attached is my HijackThis log. I have run the following programs to try to cure my problems, to no avail: Ad-Aware, Spybot, Spy Sweeper, SpywareBlaster, CWShredder, and Stinger. In addition, I have Norton AntiVirus and a firewall by McAfee. Everything I do to try to get my computer running smoothly again seems to do no good. Although it appeared that I removed quite a few programs, my computer's efficiency has not improved.
I have AOL, and if I boot up my computer and try to get onto the internet, I get a message that I have reached the open window limit and I must close some programs in order to continue. In order to get onto the internet, I practically have to close every process running, using the Task Manager.
If I use Internet Explorer, it doesn't seem to use as much memory, but then I get hijacked by a trojan that is apparently blocked when I use AOL. I tried to use a solution I found on this website to remove the trojan, but I was unable to find the files listed in the solution that I needed to delete. At any rate, my computer takes as long as 15 minutes just to boot up, and even then it sometimes locks up when Spy Sweeper detects a new spyware program that has appeared in my registry.
I tried to restore my computer using instructions in my user manual, but the instructions did not work as listed. I have Windows Millennium as my operating system, and I would just reformat my drive and start again, except that I am afraid that if I do that, I will not have any operating system and no way to restore it.
After reviewing my HijackThis log, could someone please advise me on my next move?
Thanks so much
Matt
Logfile of HijackThis v1.97.7
Scan saved at 9:55:48 PM, on 9/18/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32 .DLL
C:\WINDOWS\SYSTEM\MSGSRV32 .EXE
C:\WINDOWS\SYSTEM\mmtask.t sk
C:\WINDOWS\SYSTEM\MPREXE.E XE
C:\WINDOWS\SYSTEM\MSTASK.E XE
C:\WINDOWS\SYSTEM\SSDPSRV. EXE
C:\WINDOWS\SYSTEM\STIMON.E XE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MFCQF32. EXE
C:\WINDOWS\SYSTEM\RESTORE\ STMGR.EXE
C:\WINDOWS\CRNC.EXE
C:\WINDOWS\SYSTEM\SYSIW.EX E
C:\WINDOWS\NTOS.EXE
C:\WINDOWS\MFCSW.EXE
C:\WINDOWS\NTPN.EXE
C:\WINDOWS\SYSTEM\WINNB.EX E
C:\WINDOWS\SDKPI32.EXE
C:\WINDOWS\CRPQ.EXE
C:\WINDOWS\SYSTEM\MSKI.EXE
C:\WINDOWS\SYSTEM\CRGW32.E XE
C:\WINDOWS\IPKC32.EXE
C:\WINDOWS\SDKAJ.EXE
C:\WINDOWS\SYSTEM\SYSTRAY. EXE
C:\WINDOWS\CRHU.EXE
C:\WINDOWS\SYSTEM\PELMICED .EXE
C:\WINDOWS\SYSTEM\SYSBN32. EXE
C:\IBMTOOLS\APTEZBTN\APTEZ BP.EXE
C:\WINDOWS\IEBP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E XE
C:\WINDOWS\JAVABO.EXE
C:\WINDOWS\SYSTEM\D3FZ.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR ECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTS VC.EXE
C:\WINDOWS\SYSTEM\ATLPI.EX E
C:\WINDOWS\SYSTEM\SDKZC32. EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EX E
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\IPSG32.E XE
C:\WINDOWS\SYSTEM\LEXBCES. EXE
C:\WINDOWS\SYSTEM\ATLRS.EX E
C:\WINDOWS\SYSTEM\IPYQ.EXE
C:\WINDOWS\SYSTEM\RPCSS.EX E
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCA GENT.EXE
C:\WINDOWS\IEUU.EXE
C:\WINDOWS\SYSTEM\WINTA32. EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SDKLZ.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\MFCSP32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.E XE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\CRVT32.E XE
C:\WINDOWS\ATLLK.EXE
C:\WINDOWS\ATLFP.EXE
C:\WINDOWS\SYSTEM\WINNF32. EXE
C:\WINDOWS\CRYN32.EXE
C:\WINDOWS\SYSTEM\ADDXB.EX E
C:\WINDOWS\SYSTEM\WINGQ32. EXE
C:\WINDOWS\SYSTEM\IPUU.EXE
C:\WINDOWS\MFCUN.EXE
C:\WINDOWS\SYSTEM\SYSND32. EXE
C:\WINDOWS\SYSTEM\NTFJ32.E XE
C:\WINDOWS\SYSTEM\ADDRV.EX E
C:\WINDOWS\D3BT.EXE
C:\WINDOWS\SYSTEM\SYSCJ.EX E
C:\WINDOWS\NTUP32.EXE
C:\WINDOWS\CRRJ32.EXE
C:\WINDOWS\SDKAK32.EXE
C:\WINDOWS\MSFO.EXE
C:\WINDOWS\WINCB32.EXE
C:\WINDOWS\CRES32.EXE
C:\WINDOWS\WINRI.EXE
C:\WINDOWS\NTDK32.EXE
C:\WINDOWS\SYSTEM\SDKCM.EX E
C:\WINDOWS\SYSTEM\MSBH32.E XE
C:\WINDOWS\D3IE.EXE
C:\WINDOWS\MFCZE.EXE
C:\WINDOWS\NTGY.EXE
C:\WINDOWS\SYSTEM\WINQS32. EXE
C:\WINDOWS\SYSTEM\CRCG.EXE
C:\WINDOWS\SYSTEM\ATLUY32. EXE
C:\WINDOWS\SYSTEM\SDKBC32. EXE
C:\WINDOWS\SYSTEM\APIPI.EX E
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACK THIS.EXE
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Page = res://C:\WINDOWS\system\ah szu.dll/sp .html#2277 6
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = res://ahszu.dll/index.html #22776
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = res://ahszu.dll/index.html #22776
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = res://C:\WINDOWS\system\ah szu.dll/sp .html#2277 6
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = res://ahszu.dll/index.html #22776
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = res://C:\WINDOWS\system\ah szu.dll/sp .html#2277 6
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC5F4B05-E9D7-4907-A0CD-D D260CADFBF 6} - C:\WINDOWS\SYSTEM\D3NM.DLL
O2 - BHO: (no name) - {388C35E4-4B37-F24C-BB6E-8 0FD25B9D6E A} - C:\WINDOWS\SYSTEM\IEFF.DLL
O2 - BHO: (no name) - {938EDA73-B848-25BB-A986-A 3DCA507169 A} - C:\WINDOWS\SYSTEM\IEDK32.D LL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\SYSTEM\MSDXM.OC X
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Suppor t\PCHSchd. exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw rScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE .EXE -N
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptez bp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT CD\DIRECTC D.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evnts vc.exe -osboot
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IPYQ.EXE] C:\WINDOWS\SYSTEM\IPYQ.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGE NT\mcagent .exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGE NT\McUpdat e.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PER SON~1\MPFT RAY.EXE
O4 - HKLM\..\Run: [SDKJD.EXE] C:\WINDOWS\SYSTEM\SDKJD.EX E
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw rScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv. exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\ StateMgr.e xe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E XE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [MFCQF32.EXE] C:\WINDOWS\SYSTEM\MFCQF32. EXE
O4 - HKLM\..\RunServices: [SYSIW.EXE] C:\WINDOWS\SYSTEM\SYSIW.EX E
O4 - HKLM\..\RunServices: [CRNC.EXE] C:\WINDOWS\CRNC.EXE
O4 - HKLM\..\RunServices: [NTOS.EXE] C:\WINDOWS\NTOS.EXE
O4 - HKLM\..\RunServices: [MFCSW.EXE] C:\WINDOWS\MFCSW.EXE
O4 - HKLM\..\RunServices: [NTPN.EXE] C:\WINDOWS\NTPN.EXE
O4 - HKLM\..\RunServices: [WINNB.EXE] C:\WINDOWS\SYSTEM\WINNB.EX E
O4 - HKLM\..\RunServices: [SDKPI32.EXE] C:\WINDOWS\SDKPI32.EXE
O4 - HKLM\..\RunServices: [CRPQ.EXE] C:\WINDOWS\CRPQ.EXE
O4 - HKLM\..\RunServices: [MSKI.EXE] C:\WINDOWS\SYSTEM\MSKI.EXE
O4 - HKLM\..\RunServices: [CRGW32.EXE] C:\WINDOWS\SYSTEM\CRGW32.E XE
O4 - HKLM\..\RunServices: [IPKC32.EXE] C:\WINDOWS\IPKC32.EXE
O4 - HKLM\..\RunServices: [SDKAJ.EXE] C:\WINDOWS\SDKAJ.EXE
O4 - HKLM\..\RunServices: [CRHU.EXE] C:\WINDOWS\CRHU.EXE
O4 - HKLM\..\RunServices: [SYSBN32.EXE] C:\WINDOWS\SYSTEM\SYSBN32. EXE
O4 - HKLM\..\RunServices: [IEBP.EXE] C:\WINDOWS\IEBP.EXE
O4 - HKLM\..\RunServices: [D3FZ.EXE] C:\WINDOWS\SYSTEM\D3FZ.EXE
O4 - HKLM\..\RunServices: [JAVABO.EXE] C:\WINDOWS\JAVABO.EXE
O4 - HKLM\..\RunServices: [SDKZC32.EXE] C:\WINDOWS\SYSTEM\SDKZC32. EXE
O4 - HKLM\..\RunServices: [ATLPI.EXE] C:\WINDOWS\SYSTEM\ATLPI.EX E
O4 - HKLM\..\RunServices: [IPSG32.EXE] C:\WINDOWS\SYSTEM\IPSG32.E XE
O4 - HKLM\..\RunServices: [ATLRS.EXE] C:\WINDOWS\SYSTEM\ATLRS.EX E
O4 - HKLM\..\RunServices: [IEUU.EXE] C:\WINDOWS\IEUU.EXE
O4 - HKLM\..\RunServices: [WINTA32.EXE] C:\WINDOWS\SYSTEM\WINTA32. EXE
O4 - HKLM\..\RunServices: [SDKLZ.EXE] C:\WINDOWS\SDKLZ.EXE
O4 - HKLM\..\RunServices: [MFCSP32.EXE] C:\WINDOWS\MFCSP32.EXE
O4 - HKLM\..\RunServices: [CRVT32.EXE] C:\WINDOWS\SYSTEM\CRVT32.E XE
O4 - HKLM\..\RunServices: [ATLLK.EXE] C:\WINDOWS\ATLLK.EXE
O4 - HKLM\..\RunServices: [ATLFP.EXE] C:\WINDOWS\ATLFP.EXE
O4 - HKLM\..\RunServices: [WINNF32.EXE] C:\WINDOWS\SYSTEM\WINNF32. EXE
O4 - HKLM\..\RunServices: [WINGQ32.EXE] C:\WINDOWS\SYSTEM\WINGQ32. EXE
O4 - HKLM\..\RunServices: [CRYN32.EXE] C:\WINDOWS\CRYN32.EXE
O4 - HKLM\..\RunServices: [ADDXB.EXE] C:\WINDOWS\SYSTEM\ADDXB.EX E
O4 - HKLM\..\RunServices: [MFCUN.EXE] C:\WINDOWS\MFCUN.EXE
O4 - HKLM\..\RunServices: [IPUU.EXE] C:\WINDOWS\SYSTEM\IPUU.EXE
O4 - HKLM\..\RunServices: [SYSND32.EXE] C:\WINDOWS\SYSTEM\SYSND32. EXE
O4 - HKLM\..\RunServices: [ADDRV.EXE] C:\WINDOWS\SYSTEM\ADDRV.EX E
O4 - HKLM\..\RunServices: [NTFJ32.EXE] C:\WINDOWS\SYSTEM\NTFJ32.E XE
O4 - HKLM\..\RunServices: [D3BT.EXE] C:\WINDOWS\D3BT.EXE
O4 - HKLM\..\RunServices: [NTUP32.EXE] C:\WINDOWS\NTUP32.EXE
O4 - HKLM\..\RunServices: [SYSCJ.EXE] C:\WINDOWS\SYSTEM\SYSCJ.EX E
O4 - HKLM\..\RunServices: [CRRJ32.EXE] C:\WINDOWS\CRRJ32.EXE
O4 - HKLM\..\RunServices: [SDKAK32.EXE] C:\WINDOWS\SDKAK32.EXE
O4 - HKLM\..\RunServices: [MSFO.EXE] C:\WINDOWS\MSFO.EXE
O4 - HKLM\..\RunServices: [WINCB32.EXE] C:\WINDOWS\WINCB32.EXE
O4 - HKLM\..\RunServices: [CRES32.EXE] C:\WINDOWS\CRES32.EXE
O4 - HKLM\..\RunServices: [WINRI.EXE] C:\WINDOWS\WINRI.EXE
O4 - HKLM\..\RunServices: [D3IE.EXE] C:\WINDOWS\D3IE.EXE
O4 - HKLM\..\RunServices: [NTDK32.EXE] C:\WINDOWS\NTDK32.EXE
O4 - HKLM\..\RunServices: [SDKCM.EXE] C:\WINDOWS\SYSTEM\SDKCM.EX E
O4 - HKLM\..\RunServices: [MSBH32.EXE] C:\WINDOWS\SYSTEM\MSBH32.E XE
O4 - HKLM\..\RunServices: [MFCZE.EXE] C:\WINDOWS\MFCZE.EXE
O4 - HKLM\..\RunServices: [NTGY.EXE] C:\WINDOWS\NTGY.EXE
O4 - HKLM\..\RunServices: [CRCG.EXE] C:\WINDOWS\SYSTEM\CRCG.EXE
O4 - HKLM\..\RunServices: [WINQS32.EXE] C:\WINDOWS\SYSTEM\WINQS32. EXE
O4 - HKLM\..\RunServices: [ATLUY32.EXE] C:\WINDOWS\SYSTEM\ATLUY32. EXE
O4 - HKLM\..\RunServices: [SDKBC32.EXE] C:\WINDOWS\SYSTEM\SDKBC32. EXE
O4 - HKLM\..\RunServices: [APIPI.EXE] C:\WINDOWS\SYSTEM\APIPI.EX E
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msms gs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicato r\Program\ PLUGINS\NP SWF32.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATO R\PROGRAM\ PLUGINS\np dsplay.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGI NS\npqtplu gin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-4 7A8489BB47 F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38208.8492708333
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5 A1EDB1D8A2 1} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
I recommend you download avast antivirus (www.avast.com); it's powerful, free, customizable and uses low resources. Also look for Spybot 1.3 at download.com or anywhere you wish to. These programs protect my PC and I'm very satisfied with the results.
Lavasoft Ad-Aware http://www.lavasoftusa.com/software/adaware/
Spybot S&D http://www.safer-networking.org/en/download/index.html
AVG Free http://free.grisoft.com/freeweb.php/doc/2/
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard http://www.javacoolsoftware.com/spywareguard.html
These are all programs that can be used by the average computer user without difficulty, and without undesired results.
Lavasoft Ad-Aware will clean up a lot of spyware infections.
Spybot S&D will clean up a lot of spyware infections.
Between these two programs, most of the nasties can be safely removed without damaging other programs.
AVG Free Antivirus is an excellent antivirus, especially since it is free. (It found a nasty trojan that was giving me fits for a week.)
Spyware Blaster is a program that you only have to run weekly. The settings and changes it makes are static, and you don't need to keep it running for its protection to work.
It has a large database of identified and known spyware/malware/ActiveX controls. It instructs Windows and the IE, Firefox, and Mozilla browsers not to install or run any of these nasties.
Spyware Guard is like your antivirus, but for spyware. It is a resident and is always running; if it encounters something that should not be downloaded, by default it will pop up a dialog box and ask for instruction.
These last two will help keep your system running smoothly.
Lastly, make sure you do not run TWO antivirus programs at the same time. It can result in conflicts, leaving your system wide open to attack and infection. (Spyware Guard is not an antivirus and can be run side by side with an antivirus without conflicts.)
Also, in Spybot S&D there is a resident program called TeaTimer. It monitors your registry entries and notifies you of changes made to your registry.
If all else fails and you do have an infection, then get a copy of HijackThis. HijackThis is an advanced diagnostic tool. Not everything it finds should be fixed. If you fix the wrong entry, it can make your system unstable, and even cause some programs to not function. If you must resort to using HijackThis, be sure to consult an expert about your log before you fix anything.
You can find it here:
http://www.bleepingcomputer.com/files/hijackthis.php
I personally recommend the folks at Tom Coyote Forums, found here,
http://www.tomcoyote.com
but there are many forums where volunteers help you get control of your system back.
All the software which I would like you to install to prevent spyware is quoted above by shuttuc.
The above-said things will prevent your system from getting affected, but still, to have more knowledge about what, why and how:
www.security-forums.com/forum/
www.wilderssecurity.com/index.php
forums.spywareinfo.com
www.spywarewarrior.com/index.php
www.doxdesk.com
ASKER
Here is my updated HijackThis log after accepting the advice from SheharyaarSaahil. Most of the problems have been fixed; however, I have two stubborn files which I cannot get rid of. Please let me know if these are dangerous and if there is a simple way to get rid of them.
C:\windows\system\pelmiced.exe
c:\IBMtools\APTEZBTN\APTEZBP.exe
Logfile of HijackThis v1.98.2
Scan saved at 4:55:44 PM, on 9/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32 .DLL
C:\WINDOWS\SYSTEM\MSGSRV32 .EXE
C:\WINDOWS\SYSTEM\mmtask.t sk
C:\WINDOWS\SYSTEM\MPREXE.E XE
C:\WINDOWS\SYSTEM\MSTASK.E XE
C:\WINDOWS\SYSTEM\SSDPSRV. EXE
C:\WINDOWS\SYSTEM\STIMON.E XE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\ STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
C:\windows\system\pelmiced
c:\IBMtools\APTEZBTN\APTEZ
Logfile of HijackThis v1.98.2
Scan saved at 4:55:44 PM, on 9/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\MSTASK.E
C:\WINDOWS\SYSTEM\SSDPSRV.
C:\WINDOWS\SYSTEM\STIMON.E
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\WINDOWS\SYSTEM\PELMICED
C:\IBMTOOLS\APTEZBTN\APTEZ
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTS
C:\WINDOWS\SYSTEM\LEXBCES.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EX
C:\WINDOWS\SYSTEM\RPCSS.EX
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCA
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.E
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.E
C:\WINDOWS\SYSTEM\TAPISRV.
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACK
R1 - HKLM\Software\Microsoft\In
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Suppor
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptez
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evnts
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msms
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicato
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATO
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGI
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5
No, those are not dangerous processes; they are related to your IBM system :)
C:\windows\system\pelmiced.exe >> http://www.liutilities.com/products/wintaskspro/processlibrary/pelmiced/
Your log is also looking clean now. Still having any other problem? :)