Should I format my HD and reinstall?



Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
01-Nov-2003, 12:05 AM #1
I am giving up. I have a virus I cannot read, I bought new McAfee VirusScan Online today. My account seems OK, went to Guest Account, default for WinXP. That is still infected, McAfee, Stinger, Lavasoft products cannot see it.

My teacher said I should look in the Help Files, for "command Line". That is a little too much for me to learn right now!

I have more than one program that I cannot uninstall. I am losing track of cumulative problems. Now, I am thinking that formatting - erasing everything from my HD - might be an answer. [1] Gets rid of the prob? [2] Speeds up my system, by getting rid of unnecessary crap.

Logfile of HijackThis v1.97.3
Scan saved at 21:42:25, on 10/31/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\McAfee.com\Secure IE\SecureIE.exe
C:\Documents and Settings\Michael Lawrence\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download File - C:\Program Files\McAfee.com\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &Highlight - C:\Program Files\McAfee.com\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zoom &In - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomout.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...2/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7919.605150463
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Please help, I also have an EasyCleaner logfile of my registry:



Michael S.
scmazter
Senior Member with 557 posts.
 
Join Date: Oct 2003
Location: Sydney, Australia
Experience: Advanced
01-Nov-2003, 01:25 AM #2
Umm, well how do you know if it's a virus? Well, if it is, start windows in safe mode with networking and scan your comp with housecall located here: http://housecall.trendmicro.com and if it turns up with something remove it, using removing instructions @ trendmicro.

Last edited by scmazter; 01-Nov-2003 at 02:01 AM..
Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
01-Nov-2003, 01:34 AM #3
Quote:
"start windows in fase mode and scan your comp with housecall located here: http://housecall.trendmicro.com and if it turns up with something remove it, using removing instructions @ trendmicro."
End Quote:

You meant "safe mode", correct?
Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
01-Nov-2003, 01:40 AM #4
I know it is a virus because it "reinitializes" my McAfee Security System, by disabling the program. Then it tends to start removing tasks and major groups of files. Like Restoring/Maximizing a window, Removing all of the Help Files, rendering exiting a window unusable, blacking out the status bar, start menu and et cetera.
Spiritwalker
Member with 175 posts.
 
Join Date: Sep 2003
01-Nov-2003, 01:51 AM #5
BCMSMMSG.exe is spyware
DSentry.exe is a trojan
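
Added example, not part of the thread or of HijackThis: a small Python parser that takes an excerpt of the log from post #1 and shows which `O4` Run entry starts each running process, so a named process can be traced to the autostart line that launches it. The function names are assumptions of this example, and the correlation is by file name only; it says nothing about whether a file is malicious.

```python
import ntpath
import re

# Excerpt of the HijackThis v1.97.3 log in post #1 (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.3
Scan saved at 21:42:25, on 10/31/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Personal Coach.lnk = ?
"""

# "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autostart detail: hive, key (Run, RunOnce, ...), value name, command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable part of a command line. The extension must be followed by a quote,
# whitespace or end of line, so ".com" inside "mcafee.com\agent" is not taken
# as the end of the path and unquoted paths containing spaces still work.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def parse_log(text):
    """Split a log into running process paths and (code, detail) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def run_entries(entries):
    """Return the registry Run-style autostarts found among the O4 entries."""
    out = []
    for code, detail in entries:
        m = RUN_RE.match(detail) if code == "O4" else None
        if not m:
            continue  # e.g. "Global Startup: ... = ?" carries no command line
        hive, key, name, command = m.groups()
        img = IMAGE_RE.match(command)
        image = img.group(1) if img else command
        out.append({
            "hive": hive, "key": key, "name": name, "image": image,
            # False when the value is a bare file name: Windows then resolves
            # it through the search path, so the log entry does not pin a file.
            "path_qualified": ntpath.basename(image) != image,
        })
    return out


def correlate(text):
    """Map each running process to its Run entries; list autostarts not running."""
    processes, entries = parse_log(text)
    runs = run_entries(entries)
    by_image = {}
    for r in runs:
        by_image.setdefault(ntpath.basename(r["image"]).lower(), []).append(r)
    launched = {p: by_image.get(ntpath.basename(p).lower(), []) for p in processes}
    running = {ntpath.basename(p).lower() for p in processes}
    idle = [r["name"] for r in runs
            if ntpath.basename(r["image"]).lower() not in running]
    return launched, idle


if __name__ == "__main__":
    launched, idle = correlate(SAMPLE_LOG)
    for proc, hits in launched.items():
        if not hits:
            print(f"{proc}: no Run entry in this log")
        for r in hits:
            note = "" if r["path_qualified"] else " (bare file name)"
            print(f"{proc}: {r['hive']}\\{r['key']} [{r['name']}]{note}")
    print("Run entries with no matching process:", idle)
```
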
scmazter
Senior Member with 557 posts.
 
Join Date: Oct 2003
Location: Sydney, Australia
Experience: Advanced
01-Nov-2003, 02:00 AM #6
Ooooopsy, thanks Michael S.
Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
01-Nov-2003, 02:00 AM #7
O.K., I went to the web site, My Computer doesn't show what I believe I was told should appear, maybe I didn't understand well enough. Even so, I appear to be LOSING THE POWER AND/OR ABILITY TO COMMUNICATE.

I cannot refresh any screen; a half hour ago, I had super speed, now I am a snail!!!
scmazter
Senior Member with 557 posts.
 
Join Date: Oct 2003
Location: Sydney, Australia
Experience: Advanced
01-Nov-2003, 02:04 AM #8
Errr, are you sure you were in SAFE MODE WITH NETWORKING? (I know I put networking in just now, but lol i forgot 2 mention that earlier), because some viruses stop you from going 2 anti-virus sites.
Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
01-Nov-2003, 02:16 AM #9
O.K., I am scared of doing things that I don't know much about.
Safe is done how?
CTRL+ALT+DEL, then when startup runs I press DEL to run Setup?
Am I right?
scmazter
Senior Member with 557 posts.
 
Join Date: Oct 2003
Location: Sydney, Australia
Experience: Advanced
01-Nov-2003, 02:30 AM #10
Ahh sorry, I'm not thinking 4 dimensionally again (LOL), when your computer starts up, just before it displays windows XP logo, press f9, and use arrow keys 2 navigate, and choose "Safe Mode with Networking" and press enter.
Michael S.
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
05-Nov-2003, 02:16 AM #11
At startup F9 does not do a thing, for a menu to choose how my system starts.
scmazter
Senior Member with 557 posts.
 
Join Date: Oct 2003
Location: Sydney, Australia
Experience: Advanced
05-Nov-2003, 02:20 AM #12
Umm, the trick is to press f9 with the speed of light, start about 10 seconds before the windows XP logo comes on at startup (with the green things going through the bar).
KeithKman
Senior Member with 1,983 posts.
 
Join Date: Dec 2002
Location: Southern California
Experience: Intermediate
05-Nov-2003, 02:22 AM #13
Do this in order:

1) Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.


2) Read http://tomcoyote.org/SPYBOT/index1.html then download and run SpyBot. Make sure to get the updates for SpyBot before you have it scan your computer. After you scan and remove anything SpyBot finds, make sure to click the Immunize button followed by OK and then click the Immunize button in the right pane.


3) Run two of the following free online Anti-Virus scans here:

http://housecall.trendmicro.com - I found this to work the best.

http://security.symantec.com/default.asp?

http://www.pandasoftware.com/activescan

http://www.ravantivirus.com/scan


4) Run:
http://www.anti-trojan.net/en/onlinecheck.aspx
(site might be slow, just be patient.)


5) RePost a fresh HiJackThis log.
Michael S.'s Avatar
Michael S. Michael S. is offline
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
06-Nov-2003, 11:44 PM #14
Keith:
Thank You for the help

This would not run, failed on reading my IP address
http://www.anti-trojan.net/en/onlinecheck.aspx

Inserting NEW HIJACK!

Logfile of HijackThis v1.97.3
Scan saved at 21:44:36, on 11/6/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\Secure IE\SecureIE.exe
C:\Documents and Settings\Michael Lawrence\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download File - C:\Program Files\McAfee.com\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &Highlight - C:\Program Files\McAfee.com\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zoom &In - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomout.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...2/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7919.605150463
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
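The log format in the post above can be split into its running-process list and its coded entries before anyone reads it line by line. The following is an added example, not part of the thread and not HijackThis's own code; the sample lines are copied from the log above, and the two notes ("no full path", "target unresolved") are this example's assumptions about what to check by hand, not verdicts.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
O4 = re.compile(r"^(?P<where>.+?): (?:\[(?P<name>[^\]]+)\] ?(?P<cmd>.*)"
                r"|(?P<lnk>.+?) = (?P<target>.*))$")

# Constructed sample: a few lines copied from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.97.3
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Personal Coach.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present"""

def parse(text):
    """Return (running processes, {section code: [entry text, ...]})."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m[1]].append(m[2])
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, dict(entries)

def autostarts(entries):
    """Split O4 lines into (location, name, command, note for manual review)."""
    rows = []
    for m in filter(None, map(O4.match, entries.get("O4", []))):
        name = m["name"] or m["lnk"]
        cmd = (m["cmd"] if m["name"] else m["target"]).strip()
        note = "target unresolved" if cmd == "?" else (
            "" if re.match(r'"?[A-Za-z]:\\', cmd) else "no full path")
        rows.append((m["where"], name, cmd, note))
    return rows

if __name__ == "__main__":
    procs, entries = parse(SAMPLE)
    print({code: len(items) for code, items in entries.items()})
    print(*autostarts(entries), sep="\n")
```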
Michael S.'s Avatar
Michael S. Michael S. is offline
Member with 177 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Mesa, Arizona
Experience: Intermediate
07-Nov-2003, 03:01 AM #15
O.K., this thing acted like a nasty dog biting back. That could be funny if I knew a dog that didn't bite back!
I used some well-advised programs to look for it, didn't see it.

I followed instructions:

[QUOTE]Do this in order:

1) Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.


2) Read http://tomcoyote.org/SPYBOT/index1.html then download and run SpyBot. Make sure to get the updates for SpyBot before you have it scan your computer. After you scan and remove anything SpyBot finds, make sure to click the Immunize button followed by OK and then click the Immunize button in the right pane.


3) Run two of the following free online Anti-Virus scans here:

http://housecall.trendmicro.com - I found this to work the best.

http://security.symantec.com/default.asp?

http://www.pandasoftware.com/activescan

http://www.ravantivirus.com/scan


4) Run:
http://www.anti-trojan.net/en/onlinecheck.aspx
(site might be slow, just be patient.)


5) RePost a fresh HiJackThis log.
[/QUOTE]

After I did all of these things, SecureIE shut down, complaining that a non-running office application needed configuration or something.