vx2 problems



#1
stageman (New Member)

Any help on this would be appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 10:53:07 AM, on 12/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\starter.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\hjt\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: hhniut.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BES Client - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

and the next log:
Find.bat is running from: C:\Documents and Settings\Administrator\My Documents\hjt\findit\Find It NT-2K-XP

------- System Files in System32 Directory -------
Volume in drive C has no label.
Volume Serial Number is 4467-C2F3

Directory of C:\WINNT\System32

12/28/2004 04:58a 224,371 oxbcint.dll
12/28/2004 04:58a 226,257 s688lglu16q8.dll
12/28/2004 04:33a 224,371 fpn2035oe.dll
12/28/2004 03:52a 224,985 jt6s07j7e.dll
12/28/2004 03:34a 224,371 fYxt30.dll
12/28/2004 03:28a 225,966 irrql5951.dll
12/27/2004 11:31p 224,546 dp16gt.dLL
12/27/2004 04:18p 225,460 midtcprx.dll
12/27/2004 01:12p 224,198 mphcp.dll
12/27/2004 12:22p 225,460 dyband.dll
12/15/2004 12:23a 224,198 ktp0l77m1.dll
12/08/2004 04:39p 224,198 IRROP.DLL
12/08/2004 04:39p 225,628 j0l4la3q1d.dll
12/07/2004 10:50p 224,198 k662lgjo16oc.dll
12/06/2004 11:20p 224,198 dnn8015ue.dll
12/06/2004 08:23p 224,198 czc.dll
12/06/2004 08:01p 224,198 n0n6la5s1d.dll
12/06/2004 07:12a 224,198 ktn0l75m1.dll
12/05/2004 11:26p 225,321 gp08l3du1.dll
12/05/2004 12:30p 224,610 en24l1fq1.dll
12/04/2004 11:26p 225,494 dnpm0171e.dll
12/04/2004 06:35p 225,728 hr0405dqe.dll
12/03/2004 12:47a 224,061 lv2809fue.dll
23 File(s) 5,170,213 bytes
0 Dir(s) 32,975,179,776 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 4467-C2F3

Directory of C:\WINNT\System32

06/04/2004 07:24a <DIR> GroupPolicy
06/03/2004 11:48a 21,692 folder.htt
06/03/2004 11:48a 271 desktop.ini
2 File(s) 21,963 bytes
1 Dir(s) 32,975,179,776 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 4467-C2F3

Directory of C:\WINNT\System32


--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 4467-C2F3

Directory of C:\WINNT\System32

12/07/1999 07:00a 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 32,975,175,680 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34D55A66-08FF-40FC-ABBC-BF65F07ED51A}"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fpn2035oe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


------------------ Locate.com Results ------------------

C:\WINNT\SYSTEM32\
czc.dll Mon Dec 6 2004 8:23:24p ..S.R 224,198 218.94 K
dnn801~1.dll Mon Dec 6 2004 11:20:26p ..S.R 224,198 218.94 K
dnpm01~1.dll Sat Dec 4 2004 11:26:40p ..S.R 225,494 220.21 K
dp16gt.dll Mon Dec 27 2004 11:31:50p ..S.R 224,546 219.28 K
dyband.dll Mon Dec 27 2004 12:22:34p ..S.R 225,460 220.18 K
en24l1~1.dll Sun Dec 5 2004 12:30:42p ..S.R 224,610 219.34 K
fpn203~1.dll Tue Dec 28 2004 4:33:14a ..S.R 224,371 219.11 K
fyxt30.dll Tue Dec 28 2004 3:34:52a ..S.R 224,371 219.11 K
gp08l3~1.dll Sun Dec 5 2004 11:26:26p ..S.R 225,321 220.04 K
hr0405~1.dll Sat Dec 4 2004 6:35:20p ..S.R 225,728 220.44 K
irrop.dll Wed Dec 8 2004 4:39:46p ..S.R 224,198 218.94 K
irrql5~1.dll Tue Dec 28 2004 3:28:10a ..S.R 225,966 220.67 K
j0l4la~1.dll Wed Dec 8 2004 4:39:46p ..S.R 225,628 220.34 K
jt6s07~1.dll Tue Dec 28 2004 3:52:50a ..S.R 224,985 219.71 K
k662lg~1.dll Tue Dec 7 2004 10:50:56p ..S.R 224,198 218.94 K
ktn0l7~1.dll Mon Dec 6 2004 7:12:38a ..S.R 224,198 218.94 K
ktp0l7~1.dll Wed Dec 15 2004 12:23:50a ..S.R 224,198 218.94 K
lv2809~1.dll Fri Dec 3 2004 12:47:08a ..S.R 224,061 218.81 K
midtcprx.dll Mon Dec 27 2004 4:18:10p ..S.R 225,460 220.18 K
mphcp.dll Mon Dec 27 2004 1:12:40p ..S.R 224,198 218.94 K
n0n6la~1.dll Mon Dec 6 2004 8:01:44p ..S.R 224,198 218.94 K
oxbcint.dll Tue Dec 28 2004 4:58:40a ..S.R 224,371 219.11 K
s688lg~1.dll Tue Dec 28 2004 4:58:40a ..S.R 226,257 220.95 K

23 items found: 23 files, 0 directories.
Total of file sizes: 5,170,213 bytes 4.93 M

------------ Strings.exe Qoologic Results ------------

C:\WINNT\system32\ccpqwo.dll: updates.qoologic.com
C:\WINNT\system32\eeanop.dll: updates.qoologic.com
C:\WINNT\system32\hhqazw.exe: updates.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINNT\system32\ppvkab.dat: .aspack
C:\WINNT\system32\wwkcir.exe: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\hhniut.exe: .aspack

----------------- HKLM Run Key ------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"EnsoniqMixer"="C:\\WINNT\\system32\\starter.exe"
"AtiPTA"="atiptaxx.exe"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"
"Narrator"="C:\\WINNT\\system32\\wwkcir.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

I've tried all sorts of stuff, even buying Adaware. Still didn't help, but I still love Adaware.


#2
Metallica (Spyware Veteran, GeekU Moderator)

I'm working on it. Be right back,

Pieter

#3
Metallica (Spyware Veteran, GeekU Moderator)

Download and unzip:
http://www.downloads...org/KillBox.zip
Run KillBox and paste each of these lines into the box, select "Delete on reboot", then press the red X button. When it says reboot now, say no and continue to paste the lines into the box in turn, following the above procedure every time. After the last line has been pasted, let it reboot.

C:\WINNT\System32\oxbcint.dll
C:\WINNT\System32\s688lglu16q8.dll
C:\WINNT\System32\jt6s07j7e.dll
C:\WINNT\System32\fYxt30.dll
C:\WINNT\System32\irrql5951.dll
C:\WINNT\System32\dp16gt.dLL
C:\WINNT\System32\midtcprx.dll
C:\WINNT\System32\mphcp.dll
C:\WINNT\System32\dyband.dll
C:\WINNT\System32\ktp0l77m1.dll
C:\WINNT\System32\IRROP.DLL
C:\WINNT\System32\j0l4la3q1d.dll
C:\WINNT\System32\k662lgjo16oc.dll
C:\WINNT\System32\dnn8015ue.dll
C:\WINNT\System32\czc.dll
C:\WINNT\System32\n0n6la5s1d.dll
C:\WINNT\System32\ktn0l75m1.dll
C:\WINNT\System32\gp08l3du1.dll
C:\WINNT\System32\en24l1fq1.dll
C:\WINNT\System32\dnpm0171e.dll
C:\WINNT\System32\hr0405dqe.dll
C:\WINNT\System32\lv2809fue.dll
C:\WINNT\system32\wwkcir.exe
C:\WINNT\System32\guard.tmp
C:\WINNT\system32\fpn2035oe.dll <= save till last

After the reboot copy and paste the text in bold below into a text editor such as Notepad.
Save this text as FixVX2.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on FixVX2.reg. When it asks you to merge the information to the registry click Yes.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34D55A66-08FF-40FC-ABBC-BF65F07ED51A}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Narrator"=-


Then reboot and post a new HijackThis log.

Regards,

Pieter
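
The Notify export in post #1 and the registry fix above single out one key, "Shell Extensions". As an added example (not from the thread or from any tool it uses), this Python script parses such a REGEDIT4 export and flags Notify packages whose DllName is a full path or matches a file from the suspect listing. The two heuristics and all function names are assumptions drawn from this one log; the sample is trimmed from the export in post #1.

```python
import ntpath
import re

NOTIFY = "\\winlogon\\notify\\"  # lower-cased marker for subkeys of the Notify key

# Sample trimmed from the Notify export in post #1 (three of its seven subkeys).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fpn2035oe.dll"
"""

# A few names from the thread's System32 listing of near-identical DLLs.
SUSPECT_FILES = ["oxbcint.dll", "fpn2035oe.dll", "czc.dll"]

def decode_value(raw):
    """Decode a REGEDIT4 value: hex(2) is an ANSI REG_EXPAND_SZ, else a quoted string."""
    raw = raw.strip()
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b)
        return data.split(b"\x00")[0].decode("latin-1")
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")  # undo .reg backslash escaping
    return raw

def notify_dlls(reg_text):
    """Return {subkey: DllName} for every subkey of the Winlogon Notify key."""
    found, subkey = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = re.match(r"\[(.+)\]$", line)
        if key:
            pos = key.group(1).lower().find(NOTIFY)
            subkey = key.group(1)[pos + len(NOTIFY):] if pos >= 0 else None
            continue
        val = re.match(r'"([^"]+)"=(.*)$', line)
        if val and subkey and val.group(1).lower() == "dllname":
            found[subkey] = decode_value(val.group(2))
    return found

def flag_suspicious(dlls, suspect_files=()):
    """Flag packages loaded by full path or named in the suspect file listing."""
    suspects = {name.lower() for name in suspect_files}
    flagged = {}
    for subkey, dll in dlls.items():
        reasons = []
        if ntpath.isabs(dll):
            reasons.append("full path")
        if ntpath.basename(dll).lower() in suspects:
            reasons.append("listed as suspect")
        if reasons:
            flagged[subkey] = (dll, reasons)
    return flagged

if __name__ == "__main__":
    for name, (dll, why) in flag_suspicious(notify_dlls(SAMPLE), SUSPECT_FILES).items():
        print(f"{name}: {dll} ({', '.join(why)})")
```

A flagged key is a lead to review, not a verdict: legitimate software can also register a Notify package by full path.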

#4
stageman (New Member, Topic Starter)

Thanks for your guidance. When I rebooted, Ad-Watch found a reg file trying to be written. I denied it. Here is the hijack log.
Logfile of HijackThis v1.99.0
Scan saved at 7:21:35 PM, on 12/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\starter.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\hjt\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [Narrator] C:\WINNT\system32\wwkcir.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: hhniut.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dom.duhs.duke.edu
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BES Client - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

thanks again.

#5
Metallica (Spyware Veteran, GeekU Moderator)

Good job. :tazz:

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch

O4 - HKLM\..\Run: [Narrator] C:\WINNT\system32\wwkcir.exe

O4 - Global Startup: hhniut.exe

O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <= Unless you are using those O6 entries to prevent another user from changing your settings.

Reboot and check if nothing came back.

Regards,

Pieter

Edited by Metallica, 29 December 2004 - 06:41 AM.


#6
stageman (New Member, Topic Starter)

Pieter, Thanks. All seems well

I am now off to study. I'm gonna learn this stuff soon. :tazz: