
Spyware in Win 2k computer

Discussion in 'Virus & Other Malware Removal' started by greross, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. greross

    greross Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    5
    Thanks for previously helping with a WinXPHome computer. Now I want to tackle my Win2000 installation.

    I've run Spybot and have cleared all items.

    I've run Ad-Aware and found about 170 objects, but the program never ends and I'm unable to clear them.

    Following is my HijackThis log. Any help would be appreciated. Thanks.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:32:24 AM, on 2/7/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\WINNT\System32\ati2plxx.exe
    E:\ESM2\eEBAgent.exe
    E:\ESM2\eEBSVC.exe
    E:\ESM2\SAgent2.exe
    E:\WINNT\System32\E_S00RP2.EXE
    E:\WINNT\System32\svchost.exe
    E:\WINNT\System32\GEARSEC.EXE
    E:\WINNT\system32\hidserv.exe
    E:\WINNT\system32\drivers\KodakCCS.exe
    E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\WINNT\system32\ScsiAccess.EXE
    E:\WINNT\System32\ShuttlePROEngine.exe
    E:\ESM2\SAgentNT.exe
    E:\WINNT\System32\Tablet.exe
    E:\ESM2\EBRR.EXE
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\System32\mspmspsv.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\Explorer.EXE
    E:\WINNT\system32\Atiptaxx.exe
    E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    E:\PROGRA~1\Zinio\ZDLM.exe
    E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    E:\Program Files\E-Color\Common\IconMgr.exe
    E:\Program Files\E-Color\Colorific\hgcctl95.exe
    E:\Program Files\GuruNet\GuruNet.exe
    E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    E:\Program Files\WinSize\winsize.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    E:\Program Files\Clippy\clippy.exe
    E:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    E:\Program Files\WinTidy\WinTidy.exe
    E:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    E:\Program Files\Network Associates\VirusScan\VsStat.exe
    E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    E:\Program Files\Network Associates\VirusScan\Webscanx.exe
    E:\Program Files\Network Associates\VirusScan\Avconsol.exe
    E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    E:\Program Files\Audible\Bin\Manager.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Documents and Settings\Gary\Desktop\Spyware\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = E:\Program Files\Copernic Agent\Web\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\default\afryj3wi.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - E:\Program Files\Common Files\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~2\COPERN~1.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [TotalRecorderScheduler] E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [MediaFace Integration] E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    O4 - HKLM\..\Run: [StorageGuard] "E:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ShuttlePRO Helper] "E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo 960] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
    O4 - HKLM\..\RunServices: [TrayManager] E:\PROGRA~1\TrayMan\trayman.exe
    O4 - HKCU\..\Run: [Zinio DLM] E:\PROGRA~1\Zinio\ZDLM.exe /hide
    O4 - Startup: Clippy.lnk = E:\Program Files\Clippy\clippy.exe
    O4 - Startup: WinTidy.lnk = E:\Program Files\WinTidy\WinTidy.exe
    O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: E-Color.lnk = E:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
    O4 - Global Startup: GuruNet.lnk = E:\Program Files\GuruNet\GuruNet.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
    O4 - Global Startup: WinSize.lnk = E:\Program Files\WinSize\winsize.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Edit with &XML Spy - E:\Program Files\Altova\AUTHENTIC\spy.htm
    O8 - Extra context menu item: GuruNet... - file:E:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Search Using Copernic Agent - E:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
    O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
    O12 - Plugin for .bcf: E:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
    O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1268/ftp.coupons.com/v6/brix6ie.cab
    O16 - DPF: {2BE9C39E-8386-4435-B337-FCDAD8EAB006} (SqueakOCX Class) - http://squeakland.org/installers/SqueakPluginInstaller.exe
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
    O16 - DPF: {532E95D8-B2B4-42F7-A5AC-C475F3E5BED0} (CheckPort2 Control) - http://www.netmeetinghq.com/CheckPort/CheckPort2.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04564106/netzip/RdxIE2.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
    O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
    O23 - Service: Ati HotKey Poller - Unknown - E:\WINNT\System32\ati2plxx.exe
    O23 - Service: AVSync Manager - Unknown - E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
    O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
    O23 - Service: EPSON V3 Service2(02) - SEIKO EPSON CORPORATION - E:\WINNT\System32\E_S00RP2.EXE
    O23 - Service: GEARSecurity - GEAR Software - E:\WINNT\System32\GEARSEC.EXE
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: McShield - Unknown - E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    O23 - Service: ptssvc - KODAK - E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
    O23 - Service: ScsiAccess - Unknown - E:\WINNT\system32\ScsiAccess.EXE
    O23 - Service: ShuttlePRO Engine - Unknown - E:\WINNT\System32\ShuttlePROEngine.exe
    O23 - Service: Epson Printer Status Agent - SEIKO EPSON CORPORATION - E:\ESM2\SAgentNT.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINNT\System32\Tablet.exe
     


  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi greross, Welcome to TSG!! :)

    Run HJT again and put a check in the following:

    O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...w.viewpoint.com
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04...tzip/RdxIE2.cab
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)


    Close all applications and browser windows before you click "fix checked".

    Restart in Safe Mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", click "Apply", then "OK".

    Go to E:\Documents and Settings\Gary\Local Setting\Temp and empty that folder. Repeat for each profile on the device.

    Empty the c:\winnt\temp folder as well.

    Now, while in Safe Mode, try running Ad-Aware. After it finds 50 items, cancel the scan, clean those and restart the program. Repeat until you have completed a full scan.

    Reboot, let us know if that works, and post your HJT log again.
     
  3. greross

    greross Thread Starter

    Joined:
    Feb 5, 2005
    Messages:
    5
    I was able to run Microsoft AntiSpyware and clean up a lot of the problems.
    I followed your instructions too.

    Below is the HJT log
    Thanks!


    Logfile of HijackThis v1.99.0
    Scan saved at 2:26:50 PM, on 2/10/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\WINNT\System32\ati2plxx.exe
    E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    E:\ESM2\eEBAgent.exe
    E:\ESM2\eEBSVC.exe
    E:\ESM2\SAgent2.exe
    E:\WINNT\System32\E_S00RP2.EXE
    E:\WINNT\System32\svchost.exe
    E:\WINNT\System32\GEARSEC.EXE
    E:\WINNT\system32\hidserv.exe
    E:\WINNT\system32\drivers\KodakCCS.exe
    E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\WINNT\system32\ScsiAccess.EXE
    E:\WINNT\System32\ShuttlePROEngine.exe
    E:\ESM2\SAgentNT.exe
    E:\ESM2\EBRR.EXE
    E:\WINNT\System32\Tablet.exe
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\System32\mspmspsv.exe
    E:\WINNT\system32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\VsStat.exe
    E:\Program Files\Network Associates\VirusScan\Webscanx.exe
    E:\Program Files\Network Associates\VirusScan\Avconsol.exe
    E:\WINNT\Explorer.EXE
    E:\WINNT\system32\Atiptaxx.exe
    E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe
    E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    E:\PROGRA~1\Zinio\ZDLM.exe
    E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    E:\Program Files\E-Color\Common\IconMgr.exe
    E:\Program Files\E-Color\Colorific\hgcctl95.exe
    E:\Program Files\GuruNet\GuruNet.exe
    E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    E:\Program Files\WinSize\winsize.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    E:\Program Files\Clippy\clippy.exe
    E:\Program Files\WinTidy\WinTidy.exe
    E:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
    E:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\Documents and Settings\Gary\Desktop\Spyware\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\default\afryj3wi.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - E:\Program Files\Common Files\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~2\COPERN~1.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] E:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [TotalRecorderScheduler] E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [MediaFace Integration] E:\Program Files\Neato\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    O4 - HKLM\..\Run: [StorageGuard] "E:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ShuttlePRO Helper] "E:\Program Files\Contour ShuttlePRO\ShuttlePRO Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo 960] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 960" /O5 "LPT1:" /M "Stylus Photo 960"
    O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\RunServices: [TrayManager] E:\PROGRA~1\TrayMan\trayman.exe
    O4 - HKCU\..\Run: [Zinio DLM] E:\PROGRA~1\Zinio\ZDLM.exe /hide
    O4 - Startup: Clippy.lnk = E:\Program Files\Clippy\clippy.exe
    O4 - Startup: WinTidy.lnk = E:\Program Files\WinTidy\WinTidy.exe
    O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: E-Color.lnk = E:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: EPSON Background Monitor.lnk = E:\ESM2\STMS.exe
    O4 - Global Startup: GuruNet.lnk = E:\Program Files\GuruNet\GuruNet.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = E:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealDownload.lnk = E:\Program Files\RealDownload\Realdownload.exe
    O4 - Global Startup: WinSize.lnk = E:\Program Files\WinSize\winsize.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Edit with &XML Spy - E:\Program Files\Altova\AUTHENTIC\spy.htm
    O8 - Extra context menu item: GuruNet... - file:E:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Search Using Copernic Agent - E:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~2\COPERN~1.EXE
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
    O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - E:\Program Files\Altova\AUTHENTIC\spy.htm (HKCU)
    O12 - Plugin for .bcf: E:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1268/ftp.coupons.com/v6/brix6ie.cab
    O16 - DPF: {2BE9C39E-8386-4435-B337-FCDAD8EAB006} (SqueakOCX Class) - http://squeakland.org/installers/SqueakPluginInstaller.exe
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
    O16 - DPF: {532E95D8-B2B4-42F7-A5AC-C475F3E5BED0} (CheckPort2 Control) - http://www.netmeetinghq.com/CheckPort/CheckPort2.ocx
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
    O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/WebPlayer/MMLRadio.cab
    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
    O23 - Service: Ati HotKey Poller - Unknown - E:\WINNT\System32\ati2plxx.exe
    O23 - Service: AVSync Manager - Unknown - E:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
    O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - E:\ESM2\eEBAgent.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - E:\ESM2\SAgent2.exe
    O23 - Service: EPSON V3 Service2(02) - SEIKO EPSON CORPORATION - E:\WINNT\System32\E_S00RP2.EXE
    O23 - Service: GEARSecurity - GEAR Software - E:\WINNT\System32\GEARSEC.EXE
    O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: McShield - Unknown - E:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    O23 - Service: ptssvc - KODAK - E:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
    O23 - Service: ScsiAccess - Unknown - E:\WINNT\system32\ScsiAccess.EXE
    O23 - Service: ShuttlePRO Engine - Unknown - E:\WINNT\System32\ShuttlePROEngine.exe
    O23 - Service: Epson Printer Status Agent - SEIKO EPSON CORPORATION - E:\ESM2\SAgentNT.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINNT\System32\Tablet.exe



    Thanks
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    Close all applications and browser windows before you click "fix checked".
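
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the item lines of the two logs posted above, which diffs the before and after scans and marks two properties visible in the log text as worth a second look, a `(file missing)` suffix and an O16 download source that is a bare IP address. The function names and flag labels are assumptions made here; the sample lines are excerpted from the two logs in this thread.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Item lines start with a section code (R1, N3, O2, O16, ...) followed by " - ".
ENTRY = re.compile(r"^\s*([RNFO]\d{1,2}) - (.+?)\s*$")

# Sample input: lines excerpted from the first and second logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
E:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = E:\Program Files\Copernic Agent\Web\SearchBar.htm
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0739f650c08b04564106/netzip/RdxIE2.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
"""
AFTER = r"""
Logfile of HijackThis v1.99.0
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - E:\WINNT\System32\nzdd.dll
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/064b80653fb6e6090516/netzip/RdxIE.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
"""


def parse_entries(log_text):
    """Return (section, body) for every item line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_flags(section, body):
    """Return labels for properties that can be read off the line itself."""
    found = []
    if body.endswith("(file missing)"):
        found.append("orphaned")  # entry refers to a file HijackThis could not find
    if section == "O16":
        # The download source is the last " - " separated field of a DPF line.
        url = body.rsplit(" - ", 1)[-1].split()[0]
        host = urlparse(url).hostname or ""
        try:
            ip_address(host)
            found.append("raw-ip-codebase")  # control fetched from a bare IP, not a named host
        except ValueError:
            pass
    return found


def triage(log_text):
    """Return (section, body, flags) for entries that carry at least one flag."""
    result = []
    for section, body in parse_entries(log_text):
        found = entry_flags(section, body)
        if found:
            result.append((section, body, found))
    return result


def diff_logs(before, after):
    """Return (removed, added) item lines between two scans, in log order."""
    b, a = parse_entries(before), parse_entries(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for tag, items in (("-", removed), ("+", added)):
        for section, body in items:
            print(tag, section, body)
    for section, body, found in triage(AFTER):
        print("!", section, ",".join(found), body)
```

A flag here only means the line deserves a manual look; it says nothing by itself about whether the entry is malicious.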
     

Short URL to this thread: https://techguy.org/327713
