Popup Problems - HJT Log Attached


Bogdenyvitch

Thread Starter
Joined
Jul 13, 2004
Messages
18
Hi Guys,

Any help would be appreciated. I am having trouble with random pop-ups in Internet Explorer. I've run Adaware but it does not detect anything even with the latest defns. I believe the farmmext.exe process is the culprit but can't get rid of it. Below is my Hijack This Log.

Once again thanks in advance.

Bogdenyvitch.

Logfile of HijackThis v1.97.7
Scan saved at 08:55:05, on 31/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Siemens\Common\ACE\bin\CCEServer.exe
C:\WINDOWS\System32\ALMXPMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\uhnjoh.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack_This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,ALMXPMGR.EXE
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BFIL] C:\WINDOWS\BFIL.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vvhuuutxzqgsl] C:\WINDOWS\System32\uhnjoh.exe
O4 - HKLM\..\Run: [cbwx] C:\WINDOWS\cbwx.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Kill_Old_SimaticNet_Setup] C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\System32\DivX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MsgPlus.exe.lnk = C:\Program Files\Messenger Plus! 3\MsgPlus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Station Configurator.lnk = C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1044_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1001958.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
 

Bogdenyvitch

Thread Starter
Joined
Jul 13, 2004
Messages
18
Thanks. New log posted below:

Logfile of HijackThis v1.99.0
Scan saved at 09:16:53, on 31/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Siemens\Common\ACE\bin\CCEServer.exe
C:\WINDOWS\System32\ALMXPMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\uhnjoh.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Siemens\Step7\s7bin\S7tgtopx.exe
C:\WINDOWS\System32\S7OTBXSX.EXE
C:\Hijack_This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,ALMXPMGR.EXE
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BFIL] C:\WINDOWS\BFIL.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vvhuuutxzqgsl] C:\WINDOWS\System32\uhnjoh.exe
O4 - HKLM\..\Run: [cbwx] C:\WINDOWS\cbwx.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Kill_Old_SimaticNet_Setup] C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\System32\DivX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MsgPlus.exe.lnk = C:\Program Files\Messenger Plus! 3\MsgPlus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Station Configurator.lnk = C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1044_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1001958.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
O23 - Service: Automation License Key Service - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Siemens\Common\Ace\bin\CCAgent.EXE
O23 - Service: CCEClient - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEServer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OPCEnum.exe
O23 - Service: SIMATIC NET Synchronization Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PN - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server S7 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - Siemens AG - c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager - SIEMENS AG - C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SIMATIC NET Station-Manager - SIEMENS AG - C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
O23 - Service: THKEYS - Unknown - C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SIMATIC NET Station-Manager - SIEMENS AG - C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
O23 - Service: THKEYS - Unknown - C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 
Joined
Sep 7, 2004
Messages
49,014
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,ALMXPMGR.EXE
Don’t know about this entry – with all that Siemens stuff it may be legit???

Print this and boot to safe mode

Fix these with HJT

R3 - Default URLSearchHook is missing

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

O4 - HKLM\..\Run: [BFIL] C:\WINDOWS\BFIL.exe

O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe

O4 - HKLM\..\Run: [vvhuuutxzqgsl] C:\WINDOWS\System32\uhnjoh.exe

O4 - HKLM\..\Run: [cbwx] C:\WINDOWS\cbwx.exe

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\BFIL.exe
C:\WINDOWS\frsk.exe
C:\WINDOWS\System32\uhnjoh.exe
C:\WINDOWS\cbwx.exe

START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin

I’d remove O4 - Startup: MsgPlus.exe.lnk = C:\Program Files\Messenger Plus! 3\MsgPlus.exe
and the application

AdAware 6 is out of date. AdAware SE: http://www.majorgeeks.com/download506.html

Boot and post a new log
 

Bogdenyvitch

Thread Starter
Joined
Jul 13, 2004
Messages
18
Thanks. I followed the steps; I couldn't find the files to delete even with the options set as mentioned. Below is the new HijackThis log. I noticed that the BFIL.exe, frsk.exe, uhnjoh.exe and cbwx.exe files are still there.

Logfile of HijackThis v1.99.0
Scan saved at 14:24:46, on 31/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Siemens\Common\ACE\bin\CCEServer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ALMXPMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\Hijack_This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,ALMXPMGR.EXE
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Kill_Old_SimaticNet_Setup] C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [BFIL] C:\WINDOWS\BFIL.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [vvhuuutxzqgsl] C:\WINDOWS\System32\uhnjoh.exe
O4 - HKLM\..\Run: [cbwx] C:\WINDOWS\cbwx.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\System32\DivX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MsgPlus.exe.lnk = C:\Program Files\Messenger Plus! 3\MsgPlus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Station Configurator.lnk = C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1044_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
O23 - Service: Automation License Key Service - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Siemens\Common\Ace\bin\CCAgent.EXE
O23 - Service: CCEClient - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEServer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OPCEnum.exe
O23 - Service: SIMATIC NET Synchronization Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PN - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server S7 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - Siemens AG - c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager - SIEMENS AG - C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SIMATIC NET Station-Manager - SIEMENS AG - C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
O23 - Service: THKEYS - Unknown - C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 
Joined
Sep 7, 2004
Messages
49,014
With the exception of the BTGrab, follow the instructions in #5 in detail - you apparently did not follow them, as I still see AdAware 6 and Messenger Plus.
 

Bogdenyvitch

Thread Starter
Joined
Jul 13, 2004
Messages
18
Sorry about that. Thanks. Below is the new HJT log; it appears to have got them this time.

Logfile of HijackThis v1.99.0
Scan saved at 11:16:27, on 1/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Siemens\Common\ACE\bin\CCEServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Hijack_This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Kill_Old_SimaticNet_Setup] C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\System32\DivX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Station Configurator.lnk = C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1044_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab
O23 - Service: Automation License Key Service - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Siemens\Common\Ace\bin\CCAgent.EXE
O23 - Service: CCEClient - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Siemens\Common\ACE\bin\CCEServer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OPCEnum.exe
O23 - Service: SIMATIC NET Synchronization Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
O23 - Service: SIMATIC NET Configuration Server - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
O23 - Service: SIMATIC NET Configuration Service - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
O23 - Service: SIMATIC NET Core Server DP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp\scoredp.exe
O23 - Service: SIMATIC NET Core Server DP2 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bindp2\scoredp2.exe
O23 - Service: SIMATIC NET Core Server FDL - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfdl\scorefdl.exe
O23 - Service: SIMATIC NET Core Server FMS - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binfms\scorefms.exe
O23 - Service: SIMATIC NET Core Server PD - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binpd\scorepd.exe
O23 - Service: SIMATIC NET Core Server PN - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binPN\scorepn.exe
O23 - Service: SIMATIC NET Core Server S7 - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binS7\SCoreS7.exe
O23 - Service: SIMATIC NET Core Server SNMP - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binSNMP\scoresnmp.exe
O23 - Service: SIMATIC NET Core Server SR - Siemens AG - C:\Program Files\SIEMENS\SIMATIC.NET\opc2\binsr\scoresr.exe
O23 - Service: SIMATIC NET P&P Manager - Siemens AG - c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
O23 - Service: SIMATIC NET Route Manager - SIEMENS AG - C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SIMATIC NET Station-Manager - SIEMENS AG - C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
O23 - Service: THKEYS - Unknown - C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 
Joined
Sep 7, 2004
Messages
49,014
Better, but you still have

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

Which can be a problem, but the rest is OK.
 