1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Funny stuff again. Can anyone help?

Discussion in 'Virus & Other Malware Removal' started by wolter, Sep 3, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. wolter

    wolter Thread Starter

    Joined:
    Jul 22, 2004
    Messages:
    5
    I thought i was clear, but now funny stuff seems to be happening again. I removed some of it with virus scan, but think there is more: Hereunder my hijackthis log of today. Please help. Thank you, Wolter

    Logfile of HijackThis v1.98.0
    Scan saved at 20:30:51, on 3-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\WMonitor\WLanCfgAB.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\System32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\WINDOWS\jawa32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\JVLNET\extreme.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Daily Log 2.0\DailyLog.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\user\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jvlnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\JVLNET\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Program Files\WMonitor\WLanCfgAB.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [zowleiiumsqd] C:\WINDOWS\System32\zlbmjay.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - Global Startup: JVLNET Extreme.lnk = C:\Program Files\JVLNET\extreme.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\sprt\tgctlar.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
  3. wolter

    wolter Thread Starter

    Joined:
    Jul 22, 2004
    Messages:
    5
    Thanks for your immediate response. Hereunder is an updated log. Thanks in advance. Wolter

    Logfile of HijackThis v1.98.2
    Scan saved at 20:24:07, on 4-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\WMonitor\WLanCfgAB.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\System32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\WINDOWS\jawa32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\JVLNET\extreme.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Daily Log 2.0\DailyLog.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jvlnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\JVLNET\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Program Files\WMonitor\WLanCfgAB.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [zowleiiumsqd] C:\WINDOWS\System32\zlbmjay.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
    O4 - Global Startup: JVLNET Extreme.lnk = C:\Program Files\JVLNET\extreme.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\JVLNET\extreme.exe/250
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\JVLNET\extreme.exe/227
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\sprt\tgctlar.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF924D45-1425-43D9-A5CB-203D3FC62490}: NameServer = 156.46.57.10 156.46.57.20
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan once again with hijack then insert a check next to each of the following, close all browser windows and click "fix checked"

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

    O2 - BHO: (no name) - SOFTWARE - (no file)

    O4 - HKLM\..\Run: [zowleiiumsqd] C:\WINDOWS\System32\zlbmjay.exe

    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O
    4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

    O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe

    O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe


    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab



    Then reboot into safe mode http://dotcomsecurity.org/forums/index.php?showtopic=55


    open windows explorer, find then delete:
    C:\WINDOWS\jawa32.exe
    C:\WINDOWS\System32\zlbmjay.exe
    C:\WINDOWS\System32\automove.exe
    C:\Program Files\Common Files\WinTools
    C:\WINDOWS\aqadcup.exe

    Then reboot, rescan with hijack and post an updated logfile.
     
  5. wolter

    wolter Thread Starter

    Joined:
    Jul 22, 2004
    Messages:
    5
    Thanks for your help. I executed the actions you suggested and hereunder is a new log. Thanks again. Wolter

    Logfile of HijackThis v1.98.2
    Scan saved at 13:53:22, on 5-9-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WMonitor\WLanCfgAB.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\System32\tp4serv.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\JVLNET\extreme.exe
    C:\Documents and Settings\user\My Documents\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jvlnet.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\JVLNET\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\nl\msntb.dll
    O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Program Files\WMonitor\WLanCfgAB.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\nl\msnappau.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: JVLNET Extreme.lnk = C:\Program Files\JVLNET\extreme.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\sprt\tgctlar.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - file://C:\PROGRA~1\ThinkPad\ACCESS~1\Agent\common\install\ibmegath.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269911

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice