Spyware in Win 2k computer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

greross

Thread Starter
Joined
Feb 5, 2005
Messages
5
Thanks for previously helping with a WinXPHome computer. Now I want to tackle my Win2000 installation.

I've run Spybot and have cleared all items.

I've run Ad-Aware and found about 170 objects, but the program never ends and I'm unable to clear them.

Following is my HijackThis log. Any help would be appreciated. Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 9:32:24 AM, on 2/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\ati2plxx.exe
E:\ESM2\eEBAgent.exe
E:\ESM2\eEBSVC.exe
E:\ESM2\SAgent2.exe
E:\WINNT\System32\E_S00RP2.EXE
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\GEARSEC.EXE
E:\WINNT\system32\hidserv.exe
E:\WINNT\system32\drivers\KodakCCS.exe
E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\ScsiAccess.EXE
E:\WINNT\System32\ShuttlePROEngine.exe
E:\ESM2\SAgentNT.exe
E:\WINNT\System32\Tablet.exe
E:\ESM2\EBRR.EXE
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\Atiptaxx.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
E:\PROGRA~1\Zinio\ZDLM.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\Program Files\E-Color\Common\IconMgr.exe
E:\Program Files\E-Color\Colorific\hgcctl95.exe
E:\Program Files\GuruNet\GuruNet.exe
E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\Program Files\WinSize\winsize.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Clippy\clippy.exe
E:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\WinTidy\WinTidy.exe
E:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
E:\Program Files\Network Associates\VirusScan\Webscanx.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\Audible\Bin\Manager.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Gary\Desktop\Spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = E:\Program Files\Copernic Agent\Web\SearchBar.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\default\afryj3wi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - E:\Program Files\Common Files\Atomica Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~2\COPERN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [MediaFace Integration] E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [StorageGuard] "E:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShuttlePRO Helper] "E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
O4 - HKLM\..\RunServices: [TrayManager] E:\PROGRA~1\TrayMan\trayman.exe
O4 - HKCU\..\Run: [Zinio DLM] E:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - Startup: Clippy.lnk = E:\Program Files\Clippy\clippy.exe
O4 - Startup: WinTidy.lnk = E:\Program Files\WinTidy\WinTidy.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = E:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: GuruNet.lnk = E:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
O4 - Global Startup: WinSize.lnk = E:\Program Files\WinSize\winsize.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Edit with &XML Spy - E:\Program Files\Altova\AUTHENTIC\spy.htm
O8 - Extra context menu item: GuruNet... - file:E:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Search Using Copernic Agent - E:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
O12 - Plugin for .bcf: E:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1268/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {2BE9C39E-8386-4435-B337-FCDAD8EAB006} (SqueakOCX Class) - http://squeakland.org/installers/SqueakPluginInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
O16 - DPF: {532E95D8-B2B4-42F7-A5AC-C475F3E5BED0} (CheckPort2 Control) - http://www.netmeetinghq.com/CheckPort/CheckPort2.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04564106/netzip/RdxIE2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O23 - Service: Ati HotKey Poller - Unknown - E:\WINNT\System32\ati2plxx.exe
O23 - Service: AVSync Manager - Unknown - E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) - SEIKO EPSON CORPORATION - E:\WINNT\System32\E_S00RP2.EXE
O23 - Service: GEARSecurity - GEAR Software - E:\WINNT\System32\GEARSEC.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McShield - Unknown - E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: ptssvc - KODAK - E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: ScsiAccess - Unknown - E:\WINNT\system32\ScsiAccess.EXE
O23 - Service: ShuttlePRO Engine - Unknown - E:\WINNT\System32\ShuttlePROEngine.exe
O23 - Service: Epson Printer Status Agent - SEIKO EPSON CORPORATION - E:\ESM2\SAgentNT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINNT\System32\Tablet.exe
 


cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi greross, Welcome to TSG!! :)

Run HJT again and put a check in the following:

O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...w.viewpoint.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04...tzip/RdxIE2.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)


Close all applications and browser windows before you click "fix checked".

Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", click "Apply", then "OK".

Go to E:\Documents and Settings\Gary\Local Settings\Temp and empty that folder. Repeat for each profile on the device.

Empty the c:\winnt\temp folder as well.

Now, while in Safe Mode, try running Ad-Aware. After it finds 50 items, cancel the scan, clean those, and restart the program. Repeat until you have completed a full scan.

Reboot, let us know if that works, and post your HJT log again.
 

greross

Thread Starter
Joined
Feb 5, 2005
Messages
5
I was able to run Microsoft AntiSpyware and clean up a lot of the problems.
I followed your instructions too.

Below is the HJT log
Thanks!


Logfile of HijackThis v1.99.0
Scan saved at 2:26:50 PM, on 2/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\ati2plxx.exe
E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
E:\ESM2\eEBAgent.exe
E:\ESM2\eEBSVC.exe
E:\ESM2\SAgent2.exe
E:\WINNT\System32\E_S00RP2.EXE
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\GEARSEC.EXE
E:\WINNT\system32\hidserv.exe
E:\WINNT\system32\drivers\KodakCCS.exe
E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\ScsiAccess.EXE
E:\WINNT\System32\ShuttlePROEngine.exe
E:\ESM2\SAgentNT.exe
E:\ESM2\EBRR.EXE
E:\WINNT\System32\Tablet.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\Program Files\Network Associates\VirusScan\Webscanx.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\Atiptaxx.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\PROGRA~1\Zinio\ZDLM.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\Program Files\E-Color\Common\IconMgr.exe
E:\Program Files\E-Color\Colorific\hgcctl95.exe
E:\Program Files\GuruNet\GuruNet.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\Program Files\WinSize\winsize.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Clippy\clippy.exe
E:\Program Files\WinTidy\WinTidy.exe
E:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
E:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Gary\Desktop\Spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\default\afryj3wi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - E:\Program Files\Common Files\Atomica Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~2\COPERN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [MediaFace Integration] E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [StorageGuard] "E:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShuttlePRO Helper] "E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 960] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [TrayManager] E:\PROGRA~1\TrayMan\trayman.exe
O4 - HKCU\..\Run: [Zinio DLM] E:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - Startup: Clippy.lnk = E:\Program Files\Clippy\clippy.exe
O4 - Startup: WinTidy.lnk = E:\Program Files\WinTidy\WinTidy.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = E:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
O4 - Global Startup: GuruNet.lnk = E:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
O4 - Global Startup: WinSize.lnk = E:\Program Files\WinSize\winsize.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Edit with &XML Spy - E:\Program Files\Altova\AUTHENTIC\spy.htm
O8 - Extra context menu item: GuruNet... - file:E:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: Search Using Copernic Agent - E:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
O12 - Plugin for .bcf: E:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1268/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {2BE9C39E-8386-4435-B337-FCDAD8EAB006} (SqueakOCX Class) - http://squeakland.org/installers/SqueakPluginInstaller.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
O16 - DPF: {532E95D8-B2B4-42F7-A5AC-C475F3E5BED0} (CheckPort2 Control) - http://www.netmeetinghq.com/CheckPort/CheckPort2.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O23 - Service: Ati HotKey Poller - Unknown - E:\WINNT\System32\ati2plxx.exe
O23 - Service: AVSync Manager - Unknown - E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) - SEIKO EPSON CORPORATION - E:\WINNT\System32\E_S00RP2.EXE
O23 - Service: GEARSecurity - GEAR Software - E:\WINNT\System32\GEARSEC.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McShield - Unknown - E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: ptssvc - KODAK - E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown - E:\WINNT\system32\ScsiAccess.EXE
O23 - Service: ShuttlePRO Engine - Unknown - E:\WINNT\System32\ShuttlePROEngine.exe
O23 - Service: Epson Printer Status Agent - SEIKO EPSON CORPORATION - E:\ESM2\SAgentNT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINNT\System32\Tablet.exe



Thanks
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

Close all applications and browser windows before you click "fix checked".
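
Added example, not part of the original thread or of HijackThis itself: a small Python check that the entries a helper asked to fix are really absent from the follow-up log. Because the forum shortened two URLs in the reply, entries are matched on section code plus CLSID (or entry name) rather than on the whole line; the function names and the key format are assumptions of this sketch, and the log lines are excerpts copied from the posts above.

```python
import re

# Entry lines look like "O16 - DPF: {CLSID} (Name) - URL"; process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The five entries listed in the first reply, including the forum-shortened URLs.
CHECKED = r"""
O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...w.viewpoint.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04...tzip/RdxIE2.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
"""

# Excerpt (not the full text) of the follow-up log saved on 2/10/2005.
FOLLOWUP_EXCERPT = r"""
Running processes:
E:\WINNT\Explorer.EXE
O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
O4 - Global Startup: WinSize.lnk = E:\Program Files\WinSize\winsize.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
O23 - Service: ScsiAccess - Unknown - E:\WINNT\system32\ScsiAccess.EXE
"""


def entry_key(line):
    """Return a (code, identifier) key for one log entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        # Keep the entry kind ("Extra button", "DPF", "BHO") so two entries that
        # share a CLSID (button and Tools menu item) stay distinct.
        kind = body.split(":", 1)[0]
        return (code, f"{kind} {clsid.group(0).upper()}")
    # No CLSID: the text before the first " = " or " - " names the entry.
    return (code, re.split(r" = | - ", body, maxsplit=1)[0])


def parse_log(text):
    """Map entry key -> original line for every entry line in a log or post."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries


def check_fixes(checked_text, followup_text):
    """Split the checked entries into those gone from / still in the follow-up."""
    followup = parse_log(followup_text)
    result = {"removed": [], "still_present": []}
    for key in parse_log(checked_text):
        bucket = "still_present" if key in followup else "removed"
        result[bucket].append(key)
    return result


if __name__ == "__main__":
    for status, keys in check_fixes(CHECKED, FOLLOWUP_EXCERPT).items():
        for code, ident in keys:
            print(f"{status:13} {code:4} {ident}")
```

Run against the full follow-up log rather than the excerpt when verifying a real cleanup; an entry reported as still present needs another fix pass or a manual look at why it came back.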
 