I have had Adware, Spybot S&D, eTrust AV, ZoneAlarm all loaded and running frequently on the laptop and something similar on the desktop for over a year. When the Microsoft AntiSpyware was released, I installed it as well. I would like to get the laptop working better if possible first.
I reinstalled Adware as noted in the "start here" document and ran everything mentioned. I installed Ewido and ran it, but have now deleted it as I already have eTrust and do not want them to conflict. All of the programs ran and the only things they found were cookies and one registry edit that it wanted to remove.
Windows is updated automatically every time they release an update. I let it do what it wants to do. In an effort to keep my system usable, I have installed a process explorer from sysinternals so that I can set the priority of services.exe to 4 so that I can sort of continue to work while it steals all of my clock time.
Cheers,
-Dennis
Hijack this file follows:
Logfile of HijackThis v1.99.1
Scan saved at 2:51:08 PM, on 19/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\hpzstatn.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\CA_LIC\LogWatNT.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nokia\Nokia PC Suite 4\Pcsync.exe
C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
C:\Program Files\HoverSnap\HoverSnap.exe
C:\Program Files\IMsecure\IMsecure.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\MeteorSoft\Meteor FTP\Meteor.exe
C:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\United Devices\UD.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\United Devices\ud_7657531.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Documents and Settings\Dennis\Desktop\Installed Programs\procexp.exe
C:\Documents and Settings\Dennis\Desktop\New Folder\6_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.canoe.ca/"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\h6o4yanw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dennis\Application Data\Mozilla\Profiles\default\h6o4yanw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust\INOCUL~1\realmon.exe -s
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "c:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - Startup: Compaq Client Manager.lnk = C:\Program Files\Compaq Wireless LAN\Client Manager\CMCOM.EXE
O4 - Startup: HoverSnap.exe.lnk = C:\Program Files\HoverSnap\HoverSnap.exe
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O4 - Startup: Meteor FTP.lnk = C:\Program Files\MeteorSoft\Meteor FTP\Meteor.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Nokia PC Sync.lnk = C:\Program Files\Nokia\Nokia PC Suite 4\Pcsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\PrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\PrivacyKeeper.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DCE3340D-3568-4883-8B15-F6E296BC9445} (NCSVersion Class) - http://iws.library.u...plugins/ncs.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134720BF-28C0-4498-9910-1BA4CA8B75DF}: NameServer = 207.181.101.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{134720BF-28C0-4498-9910-1BA4CA8B75DF}: NameServer = 207.181.101.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{134720BF-28C0-4498-9910-1BA4CA8B75DF}: NameServer = 207.181.101.4
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\CA_LIC\lic98rmtd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINNT\system32\spool\drivers\w32x86\hpzstatn.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
Edited by dnnslbrwn, 19 September 2005 - 01:24 PM.
Sign In
Create Account
