Jump to content

[SOLVED]Hijths


wyjoe63
 Share

Recommended Posts

I have some junk on my comp. Could someone check this out for me?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 6:03:55 PM, on 11/2/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Fam\Desktop\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnioyilwaryitxa.com/2DyDtSvuCmh...ASiMLiTh70a.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {AA9F9251-AEC1-6AA6-F989-305E1D6A5D1D} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {F15C67F7-331F-6EFE-AFB0-2BB8D9BFC5D1} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [RemoteBaitTeamDrv] C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [drive mail] C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

Hi wyjoe63

 

There are a number of things on your HJT log that need to be addressed.

To speed up the process you might want to update to the newest version

of HJT. You can find it:

HERE

 

Run a scan with the new version and post a new log in this thread.

Someone experienced will be along to help you as soon as they can. ;)

Regards

Toke

Edited by tokehemp
Link to comment
Share on other sites

K i got the updated version heres what i got. Hopefully you guys can help me out

 

 

Logfile of HijackThis v1.98.2

Scan saved at 7:09:51 PM, on 11/2/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ydyltmwquj.com/2DyDtSvuCmh0iMBq...SiMLiTh70a.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {AA9F9251-AEC1-6AA6-F989-305E1D6A5D1D} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {F15C67F7-331F-6EFE-AFB0-2BB8D9BFC5D1} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [RemoteBaitTeamDrv] C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [drive mail] C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

There are a lot of folks getting overun by spyware,

and the problems getting worse as time goes by.

Even more troubling is that the number of people properly

trained to deal with this overload remains limited.

Don't be frustrated...just be patient and someone will

assist you.

 

 

  I ask again can someone help me?

Yes...and it will be worth the wait

 

Regards

Toke

Link to comment
Share on other sites

Hi wyjoe63,

 

please click Start Select Control Panel

double click Add/Remove Programs

look for any of the following, and uninstall them:

 

Window Search

Window Searching

Lop.com

LOP SEARCH

Browser Enhancer

Ultimate Browser Enhancer

 

IMPORTANT!!!

you may find entries similair to the above but with strange/weird spacing in the names.

 

They are Lop.com, uninstall them.

 

You may be given a code to insert, do so and reboot when done.

 

If none of those are listed in Add/Remove Programs then download and run this uninstaller. Reboot when done and post a new log.

 

http://lop.com/new_uninstall.exe

Link to comment
Share on other sites

I checked for those and they arent there. I also tried the uninstaller but it didn't work cause it said my security settings wouldnt allow it. I don't think its a good idea to lower the settings for that website cause ive heard bad things about. thx for the help though.

 

Anytime someone can get around to mine is cool with me no rush

Link to comment
Share on other sites

Heres new log just in case

 

Logfile of HijackThis v1.98.2

Scan saved at 9:17:03 PM, on 11/3/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dmwhayrxtluylmmgfeedbbohy.net/2DyDt...SiMLiTh70a.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {AA9F9251-AEC1-6AA6-F989-305E1D6A5D1D} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {F15C67F7-331F-6EFE-AFB0-2BB8D9BFC5D1} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [RemoteBaitTeamDrv] C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [drive mail] C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

It found one thing. Heres the new log.

 

 

 

Logfile of HijackThis v1.98.2

Scan saved at 3:24:27 PM, on 11/4/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nbhfprotwttwehnjvjsyw.com/2DyDt...SiMLiTh70a.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {AA9F9251-AEC1-6AA6-F989-305E1D6A5D1D} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {F15C67F7-331F-6EFE-AFB0-2BB8D9BFC5D1} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [RemoteBaitTeamDrv] C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [drive mail] C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

Rescan with HJT, close browser/explorer windows, check these items then click 'fix checked':

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nbhfprotwttwehnjvjsyw.com/2DyDt...SiMLiTh70a.html

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

 

O2 - BHO: (no name) - {AA9F9251-AEC1-6AA6-F989-305E1D6A5D1D} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

 

O2 - BHO: (no name) - {F15C67F7-331F-6EFE-AFB0-2BB8D9BFC5D1} - C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3

Not much information on this...is it a screensaver? If you know what it is then leave it alone

 

O4 - HKLM\..\Run: [RemoteBaitTeamDrv] C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

 

O4 - HKCU\..\Run: [drive mail] C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

 

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

This is backWeb, it doesn't need to be running in the background

http://www.pestpatrol.com/PestInfo/b/backweb.asp

 

Reboot into safe mode:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Show Hidden Files and Folders

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Search for and delete:

(Do not delete the Documents folder)

 

C:\DOCUME~1\Fam\APPLIC~1\SOFTWA~1\corn fork.exe

C:\Documents and Settings\All Users\Application Data\movesetupremotebait\spamplay.exe

C:\DOCUME~1\Fam\APPLIC~1\COOLMA~1\Link Grey Else.exe

 

C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3 <--delete this only if you checked and had HJT 'fix' it.

 

Reboot into normal mode...go into Internet Options - General tab. Delete temporary internet files, and choose to delete all Offline content. Also, go to Start - Find - Files or folders - in the named box, type: *.tmp and choose Edit - select all - File - delete. Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one. Empty Recycle bin, clear history and cookies.

 

If you haven't deep scanned with both Ad-aware SE and Spybot s&d, download update and scan following the tutorials.

 

Install and how to use Ad-aware SE

http://www.bleepingcomputer.com/forums/ind...showtutorial=48

 

Install and how to use Spybot s&d

http://www.bleepingcomputer.com/forums/ind...showtutorial=43

 

Reboot after scanning with both and post a new log.

Link to comment
Share on other sites

K thx heres the new log

 

 

Logfile of HijackThis v1.98.2

Scan saved at 5:32:33 PM, on 11/4/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qnxgwhzozjarim.com/2DyDtSvuCmh0...SiMLiTh70a.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

did as you said hers new log

 

 

Logfile of HijackThis v1.98.2

Scan saved at 3:53:55 PM, on 11/5/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yflruguyckz.net/enOXj9VZfaSv1Gp...63szUmBhDv.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

A couple of things....I don't see where you downloaded and scanned with Spybot s&d, would you please do that and also scan with Ad-aware SE.

 

Reboot after deep scanning following the tutorials above.

 

Also do you recognize this IP?

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

Alright i downloaded and scanned and did all that stuff. As for the ip address im behind a router so it says that it us a DNS server. I dont know what that is but i think its ok. Heres my HJT log

 

 

 

Logfile of HijackThis v1.98.2

Scan saved at 6:46:21 PM, on 11/5/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yflruguyckz.net/enOXj9VZfaSv1Gp...63szUmBhDv.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

Link to comment
Share on other sites

Rescan with HJT in safe mode again, and check these items to be fixed:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yflruguyckz.net/enOXj9VZfaSv1Gp...63szUmBhDv.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

 

Reboot and post a new log.

 

we've got to find the "charm" in here someplace :P

(we'll reset your home page later)

Link to comment
Share on other sites

K did that. heres the new log. hopefully can this figured out

 

 

 

Logfile of HijackThis v1.98.2

Scan saved at 8:42:22 PM, on 11/5/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintballgear.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{B963A0C5-9B28-49BA-BE6A-8E88AF507227}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B366931-A148-4AA8-B9F4-A1F8A859BBC9}: NameServer = 4.2.2.1,4.2.2.2

 

thx

Link to comment
Share on other sites

 Share

×
×
  • Create New...