More Trojan Virus help Please! [Archive]

View Full Version : More Trojan Virus help Please!

alligatoreyes

07-06-2005, 06:01 AM

I have the following viruses that I can't get rid of. Please help! Also have a search bar that is pop-up on desktop that needs to go also. I didn't download it.

Trojan Horse Small 18.T in C:\WINTT\isrvs\sysupd.dll
Trojan Horse small 21.AE in C:\WINTT\inst\3p_3.exe

My log is posted below. I thank you for any help you can provide.

Logfile of HijackThis v1.99.1
Scan saved at 8:25:44 AM, on 7/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3apphk.exe
C:\QUICKENW\QAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Open Site\opnste.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\isrvs\desktop.exe
C:\WINNT\system32\mrtMngr.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\HPHipm11.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe" -wait 0
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.imbum.com/Imbum.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{818B560E-6388-481F-81BB-4499D3DC17EA}: NameServer = 63.160.179.3,63.160.179.4
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe

Again thanks for any help,

Eyes

nightowl

07-06-2005, 02:18 PM

http://forums.designtechnica.com/showthread.php?t=5583

Download The Stand Alone Version of CW Shredder,Spybot, AdAware, Hijack This (Links Above)

You may want to print this out
Unplug the internet from your computer
Reboot To Safe Mode (tap F8 on Startup)

Delete these Files and or Folders

C:\Program Files\Open Site\opnste.exe
C:\WINNT\isrvs\desktop.exe

Still In Safe Mode Open up Hijack This and Place a check next to each of these and click Fix Checked.

O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.imbum.com/Imbum.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://aerial.leepa.org/ecwplugins/ncs.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll

Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run CW Shredder, AdAware and Spybot,delete what they find , Empty recycle bin.

Plug the internet back in and Reboot to normal mode and post a new log..........Jim

alligatoreyes

07-06-2005, 07:01 PM

NightOwl

Thanks so much. AVG is now happy as it can find no Trojan Horse virus. So am I..Picked up a little speed in the process. I appreciate all your time and help.

Current log posted below:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:19 PM, on 7/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3apphk.exe
C:\QUICKENW\QAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\mrtMngr.EXE
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\HPHipm11.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe" -wait 0
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{818B560E-6388-481F-81BB-4499D3DC17EA}: NameServer = 63.160.179.3,63.160.179.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe

If something is amiss please let me know. Again I thank you for your help.

Eyes

nightowl

07-06-2005, 10:09 PM

Looks much better, Just one left. Reboot to safe Mode and fix the selected item.

R3 - Default URLSearchHook is missing

Still In Safe Mode Delete all Temporary Internet Files, Cookies, AdAware and Spybot,delete what they find , Empty recycle bin.

Reboot to normal mode and post a new log..........Jim

alligatoreyes

07-12-2005, 03:57 AM

Sorry it took so long to get this posted. Really appreciate your help. Do you help resolve Windows 2000 problem issues also?

Logfile of HijackThis v1.99.1
Scan saved at 6:40:17 AM, on 7/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3apphk.exe
C:\QUICKENW\QAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\mrtMngr.EXE
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\HPHipm11.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05. exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe" -wait 0
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{818B560E-6388-481F-81BB-4499D3DC17EA}: NameServer = 63.160.179.3,63.160.179.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe

Again I really appreciate it.

Eyes

nightowl

07-12-2005, 10:39 AM

Your lastlog looks good, How is it running?

I can help on Windows 2000 if its related to Spyware.

If its software or something else you can post your question in theComputer-Software section.

http://forums.designtechnica.com/forumdisplay.php?f=79

Download SpywareBlaster for prevention Here is the link.

http://www.javacoolsoftware.com/spywareblaster.html

Run and Update Adaware and Spybot at least once a week to keep it clean.
Update SpywareBlaster once a week Enable all Protection and let it run in the background.........Jim :vivi

alligatoreyes

07-12-2005, 07:23 PM

It seems to be running better than it was. I really do appreciate your help. Thanks for the link. Again Many Thanks!!

Eyes

nightowl

07-12-2005, 09:55 PM

Glad I was able to help..........Jim :vivi