Solved

A few stubborn spyware? programs that I cannot seem to get rid of.

Posted on 2004-09-26
2
935 Views
Last Modified: 2013-12-04
Here is my  Hijack this log.   After cleaning up most of the spyware on my computer There are a few stubborn programs that I can not seem to get rid of.  
They are the following.  Are these programs harmful and is there an easy way to get rid of them?  After reviewing my hijack this log, are there any other programs than i need to be leary of?  I am a little new to the point system so please let me know if the point level seems out of whack.

Thanks for your help.

C:\windows\system\pelmiced.exe
c:\IBMtools\APTEZBTN\APTEZBP.exe

Logfile of HijackThis v1.98.2
Scan saved at 4:55:44 PM, on 9/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\MATT'S DOCUMENTS\GENEALOGY\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .SWF: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab

0
Comment
Question by:Matthewerb
2 Comments
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 150 total points
ID: 12157125
Hi!

These programs are not harmful:

C:\windows\system\pelmiced.exe
c:\IBMtools\APTEZBTN\APTEZBP.exe

They're both from IBM - the first one is for scroll wheel functionality for mice -
here's some info on the second:
http://www.answersthatwork.com/Tasklist_pages/tasklist_a.htm

Regards
RF
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 150 total points
ID: 12157883
right they are both Normal and valid processes if u are using any IBM device :)
some more info.

pelmiced.exe >> http://www.liutilities.com/products/wintaskspro/processlibrary/pelmiced/
APTEZBP.exe >> http://www.windowsstartup.com/wso/detail.php?id=116

ur LOG also looks clean to me,,,,, do u still have any problem on ur system ??
and from next time,,, if u want to analyse ur Log, u can use this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, and will tell u that what are Nasty and Safe entries, so u can deal with the log urself :)

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IE Plugin Issue 4 88
default domain policy in AD exemptions 3 90
Risks of using Camtasia Studio 9 138
Email attachment when clicked erased Inbox : what to advise customer 3 54
Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question