Got another one

  1. 14-12-2004  #1
    mltor
    mltor is offline Newbie

    Got another one

    In Safe mode I:

    Ran Housecall (No Viruses)

    Ran Spybot: found and removed alot of things

    Ran Adaware: found and removed ALOT of things!


    HJT log below



    Code:
    Logfile of HijackThis v1.97.7
Scan saved at 12:04:03 PM, on 12/14/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\AS***ent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\program files\ultravnc\winvnc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
C:\Program Files\Castelle\FaxPress\FaxTray.Exe
C:\Program Files\Castelle\FaxPress\ExCnvt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\xdcla.exe
C:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [WinVNC] "c:\program files\ultravnc\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.Exe /s
O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: AIM.lnk = EDSISS\pl50.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Image Retriever.lnk = C:\Program Files\Scansoft\PaperPort\xdcla.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...939.5166319444
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup151.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = katzbarron.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = katzbarron.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = katzbarron.local

  3. 14-12-2004  #2
    spud
    spud is offline D-A-L Team Member (UK)
    By using this site, D-A-L.com you agree to be bound by these rules

    DAL Computer Help > Internet Issues Including Security > Spyware, Adware and Viruses
    Got another one
    Welcome, spud.
    You last visited: Today at 04:15 PM
    Private Messages: 0 Unread, Total 99.

    Homepage User CP FAQ Members List Donation Arcade New Posts Search Quick Links Log Out



    Search Forums


    Advanced Search
    Quick Links
    New Posts
    Mark Forums Read
    Open Buddy List
    User Control Panel
    Edit Signature
    Edit Avatar
    Edit Profile
    Edit Options
    Miscellaneous
    Private Messages
    Subscribed Threads
    My Profile
    Who's Online


    Did we help you? Please support us and make a small donation to help keep the site running | Click Here |

    View First Unread Thread Tools Search this Thread Rate Thread Display Modes

    #1 Today, 05:07 PM
    mltor
    Junior Member Join Date: Aug 2004
    Posts: 6

    Got another one

    --------------------------------------------------------------------------------

    In Safe mode I:

    Ran Housecall (No Viruses)

    Ran Spybot: found and removed alot of things

    Ran Adaware: found and removed ALOT of things!


    HJT log below



    Code:
    Logfile of HijackThis v1.97.7
    Scan saved at 12:04:03 PM, on 12/14/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\AS***ent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    c:\program files\ultravnc\winvnc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09. exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
    C:\Program Files\Castelle\FaxPress\FaxTray.Exe
    C:\Program Files\Castelle\FaxPress\ExCnvt.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Scansoft\PaperPort\xdcla.exe
    C:\Hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [WinVNC] "c:\program files\ultravnc\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09. exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
    O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.Exe /s
    O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: AIM.lnk = EDSISS\pl50.exe
    O4 - Startup: Microsoft Office Outlook 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    O4 - Global Startup: Image Retriever.lnk = C:\Program Files\Scansoft\PaperPort\xdcla.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeu...ontent/opuc.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7939.5166319444
    O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downloa...abasetup151.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = katzbarron.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = katzbarron.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = katzbarron.local

    mltor
    View Public Profile
    Challenge mltor in the Arcade
    Send a private message to mltor
    Find all posts by mltor
    Add mltor to Your Buddy List




    « Previous Thread | Next Thread »

    Quick Reply
    Message:



    Options
    Show your signature Quote message in reply?




    Thread Tools
    Show Printable Version
    Email this Page
    Subscribe to this Thread
    Display Modes
    Linear Mode
    Switch to Hybrid Mode
    Switch to Threaded Mode
    Search this Thread


    Advanced Search
    Rate This Thread
    Excellent
    Good
    Average
    Bad
    Terrible

    Did we help you? Please support us and make a small donation to help keep the site running | Click Here |
    Posting Rules
    You may post new threads
    You may post replies
    You may post attachments
    You may edit your posts

    --------------------------------------------------------------------------------

    vB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump
    Please select one User Control Panel Private Messages Subscriptions Who's Online Search Forums Forums Home -------------------- Windows Operating System Issues Windows XP Issues Windows ME Issues Windows 2000 Issues Windows 98/98SE Web Design and Coding Download Website Templates Web Design Help Private Mods Room




    All times are GMT. The time now is 05:36 PM.


    Download Website Templates - PC Directory - DAL Computer Help - Archive - Top


    Powered by: vBulletin Version 3.0.1
    Copyright ©2000 - 2004, Jelsoft Enterprises Ltd.
    Copyright 2004 D-A-L.com
  4. 14-12-2004  #3
    spud
    spud is offline D-A-L Team Member (UK)
    please update your high jack this then re run adaware and spybot then post a fresh log please
  5. 14-12-2004  #4
    mltor
    mltor is offline Newbie
    NEW HJT log


    Logfile of HijackThis v1.98.2
    Scan saved at 1:36:21 PM, on 12/14/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\AS***ent.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    c:\program files\ultravnc\winvnc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09. exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
    C:\Program Files\Castelle\FaxPress\FaxTray.Exe
    C:\Program Files\Castelle\FaxPress\ExCnvt.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Scansoft\PaperPort\xdcla.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\VNC Admin Console\vncac.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trillian\trillian.exe
    C:\Documents and Settings\mlt.KBSFDOM\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [WinVNC] "c:\program files\ultravnc\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09. exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
    O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.Exe /s
    O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: AIM.lnk = EDSISS\pl50.exe
    O4 - Startup: Microsoft Office Outlook 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    O4 - Global Startup: Image Retriever.lnk = C:\Program Files\Scansoft\PaperPort\xdcla.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup151.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = katzbarron.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = katzbarron.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = katzbarron.local
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
  6. 15-12-2004  #5
    mltor
    mltor is offline Newbie
    **bump**
  7. 16-12-2004  #6
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Even newer Hijack This. Update from http://hjt.isecureit.co.uk and then post a fresh log.
+ Reply to Thread
« HijackThis 1.99 | Help please - had some virus, blank desktop »