Here is the new HJT log.
Here is what I found for msmsgs.exe
msmsgs.exe C:/I386/MMSSETUP.CAB
msmsgs.exe C:/Program Files/Messenger
msmsgs.exe.manifest C:/Program Files/Messenger
msmsgs.exe-0620E8B3.pf C:/Windows/Prefetch
msmsgs.exe C:/Windows/ServicePackFiles/i386
Deleted all except the top one, wouldnt let me.
I have rebooted and I have had one pop-up while on Firefox but it was from IE and it said that the website could not be found. We are getting there.
Here is a new log. I have added several things since last log (ie: window washer, etc.)
Logfile of HijackThis v1.99.1
Scan saved at 10:25:20 AM, on 3/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\System32\CAPM5RSK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPM5SWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPM5SWK.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Rob Thompson\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670}
- C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunServicesOnce: [washindex] c:\Program
Files\Washer\washidx.exe "Rob Thompson"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: symsupportutil -
https://www-secure.symantec.com/tech...upportutil.CAB
O16 - DPF: Yahoo! Poker -
http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/...fo.apple.com/q
t505/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/...fo.apple.com/s
aba/us/win/QuickTimeInstaller.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates
Technologies, Inc. - C:\Program Files\McAfee\McAfee
VirusScan\Avsynmgr.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother
Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation -
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc.
- C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common
Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner -
C:\WINDOWS\Nhksrv.exe
Thanks so much. What else needs to go?
Kent
Login 
Search 
Solved: HELP Serchmaid/Virtual Maid HiJack HJT Log included 
Suzy9874 
How to solve pop-up problem 
Facebook
Twitter
TechGuy.tv
TSG Mobile