sizk

hi there,
i've followed the steps of the sticky threads but there's still one thing i can't get rid of, however i try (see line 017).
i already had some troubles previously with others spy- or malwares and had the opportunity to try most of well-effective anti-spywares but none of them will do the job. when fixing with hijackthis, it won't reappear immediatly but does pretty soon anyway.

thx for your help!

Logfile of HijackThis v1.99.1
Scan saved at 23:46:47, on 14/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\Ati2evxx.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINNT\system32\rundll32.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\WINNT\System32\hphmon05.exe
E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09. exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINNT\System32\HPZipm12.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINNT\system32\ntvdm.exe
E:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\# PROGRAMS\# PROGRAMS\Setups\# UTILS\hijackthis\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon05] E:\WINNT\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09. exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [THGuard] "E:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] E:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKCU\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f010.mail.caramail.lycos.fr/a...leUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B44176-C987-40AA-B09D-C9989DFC9FA3}: NameServer = 212.151.136.254 130.244.127.161
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Byteman

You have to disable Spybot's TeaTimer, then you should be able to whack the 017 line. If you still have problems, you could also boot to safemode to do it, BUT disable teatimer should allow you to do it just fine. Other than that you look free from malware (FYI: the messengerplus software is bundle with lop.com spyware, if you check the box to install the sponsor programs, during installation).

__________________
Don't byte off more than you can chew...

sizk

Teatimer can't be the reason, i started using it after the problem appeared. anyway, there's one simple thing i've not done that might explain... i couldn't find where to disable the system restore in win2K

sizk

about E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe can i just uninstall control panel in Add/Remove programs and should i do that with HJT?
for the others 4 1st lines, must i backup first or can i blindly delete 'em?

Buzz1927

Byteman is saying that Teatimer is interfering with hijackthis fixing the 017. Also, block it with your firewall.

sizk

i got that but i tried to fix it with HJT before i use Teatimer so my bet is i just need to disable the system restore. just, i can't find it the option.

Buzz1927

I'm not sure there is a system restore in win2k, anyone know?

Byteman

nope, no sys restore in w2k, only ME and XP. And you may want to check your settings with your ISP and make sure those DNS are bogus.

__________________
Don't byte off more than you can chew...

sizk

what does that mean and how should i do that?
anyone can answer my question about praetor's reply plz?

Buzz1927

Fixing the 04's in hijackthis won't delete anything, but you will need to disable them in some programs as well e.g. realplayer.