followed the suggestions to use all the tools - have done so
(Though I am confused on the Spybot product - does it help the ie leak or hurt it?)
Anyway. I appreciate the assistance. Brion
(Also, an aside, i think i have a bunch of files that my machine does not use anymore - would love to clear the registry of them.)
Logfile of HijackThis v1.99.0
Scan saved at 11:49:58 AM, on 1/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
c:\jetNT\jsdaemon.exe
C:\WINNT\system32\msupd5.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\windows\bundles\adl_mteststub.exe
C:\WINNT\system32\zxas.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Documents and Settings\brion.PC-BRION\Application Data\ushe.exe
C:\WINNT\system32\n?pdb.exe
C:\WINNT\system32\cfspolcy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\jetNT\DLLCMD32.EXE
C:\jetNT\JETSTAT.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\jetNT\JSFMAN.EXE
C:\Palm\HOTSYNC.EXE
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorjobshop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft IE
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {89243A65-8CF5-AF03-D168-8F1D826442B2} - C:\WINNT\system32\ihdbuqa.dll
O2 - BHO: (no name) - {93EE2B74-2F52-63AD-547E-48F289BF2EF1} - C:\WINNT\system32\luwdryjq.dll
O2 - BHO: (no name) - {9BD636FA-0AE9-FAF5-76F0-6CD46A68068C} - C:\WINNT\system32\lxxubwro.dll
O2 - BHO: SDWin32 Class - {B60175F9-3220-40A9-8F55-7977F988E1E1} - C:\WINNT\system32\tkblk.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_3.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [zxas] C:\WINNT\system32\zxas.exe
O4 - HKLM\..\Run: [AutoLoadersF5q1NNSXMaX] "C:\WINNT\system32\cmcclu.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [ChoiceMail] C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
O4 - HKCU\..\Run: [Aatt] C:\Documents and Settings\brion.PC-BRION\Application Data\ushe.exe
O4 - HKCU\..\Run: [Xgal] C:\WINNT\system32\n?pdb.exe
O4 - HKCU\..\Run: [dB56RTc6g] cfspolcy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: DllCmd32.lnk = C:\jetNT\DLLCMD32.EXE
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HP LaserJet 3100 Status.lnk = C:\jetNT\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ftp://adeskftp.autodesk.com/webpub/mapgui...r5/mgaxctrl.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin...cab/wabctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A75200D-817C-4B69-8D78-D6ED40727D8C}: Domain = simplex.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A75200D-817C-4B69-8D78-D6ED40727D8C}: NameServer = 207.247.82.121,207.247.82.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{49991DB5-A28D-465D-9577-39C7A34B046E}: NameServer = 207.247.82.121,207.247.82.122,207.155.184.72
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.cadence.com
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetNT\jsdaemon.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINNT\system32\msupd5.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScsiAccess - Unknown - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINNT\wanmpsvc.exe