
Hijacked Browser????

Discussion in 'Virus & Other Malware Removal' started by flpanhead, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Hello. I've been having a problem with my internet. It will sign on when no one is at the computer, it will randomly change my homepage, and many things have been added to my favorites list that neither I nor my family put on it. The computer locks up often and when I attempt to fix the problem by hitting control/alt/delete, I get a message that says, "System resources are dangerously low. Would you like to terminate this application?" I click yes, but nothing happens. Then I attempt the same procedure again but it asks me to terminate the same application over and over. I try to reach the restart option by going through the start menu, but when I click on the start button, nothing happens. I have already run SpyBot and AdAware. You will probably ask me for a Hijack This log file, but I can't figure out how to add an attachment to this message. I have looked for the browse option at the bottom of the post composition page but can't find it. Any help you could give would be appreciated. Thanks in advance.
     
  2. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    When you have saved your HijackThis log to txt file, open the file & copy the entire log to your clipboard. Simply paste it here in the body of your post.
    Did you update both Adaware & spybot B4 use? If not, please do so & run them again, rebooting after & B4 posting the new log.
     
  3. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Here is a copy of the Hijack file. By the way, every time the computer is turned on or rebooted it says "Please wait while setup updates your configuration files." Also Spybot goes through the motions and finds the same 4 files. 3 say "Redirected Host" and the last one says "Register or Registry" I think. I immunize but it says "All known bad products are already blocked."


    Logfile of HijackThis v1.97.2
    Scan saved at 8:18:56 AM, on 4/20/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\SYSTEM\LXAMSP32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\SPAMKILLER\SPAMKILLER.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: erted by Spybot - Search & Destroy
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: }
    O1 - Hosts: ww.igetnet.com
    O1 - Hosts: "')", Timeout);
    O1 - Hosts: }
    O1 - Hosts: }
    O1 - Hosts: ";
    O1 - Hosts: et.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
    O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\mcafee.com\SpamKiller\SpamKiller.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
    O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
    O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.1847453704
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.rightnowtech.com/na/na/rnt/rnl/java/RntX.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
     
  4. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    First up you have an ancient version of HijackThis. Download the latest from here

    In the meanwhile close ALL windows except HijackThis & place a check next to the following entries then press 'fix checked' =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: erted by Spybot - Search & Destroy
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: }
    O1 - Hosts: ww.igetnet.com
    O1 - Hosts: "')", Timeout);
    O1 - Hosts: }
    O1 - Hosts: }
    O1 - Hosts: ";
    O1 - Hosts: et.com

    Download LSPfix from here
    On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "inetadpt.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

    reboot & delete this file=

    c:\windows\system\inetadpt.dll

    Reboot & scan with the latest version of HijackThis that you have just downloaded. Post the log back here plz. :)
     
  5. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Good morning! Here's the latest from my end. I followed your instructions about removing the mentioned files which turned out to be only one file and rebooted then deleted the windows system file.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:10:01 AM, on 4/21/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LXAMSP32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\SPAMKILLER\SPAMKILLER.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
    O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\mcafee.com\SpamKiller\SpamKiller.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
    O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
    O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.1847453704
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.rightnowtech.com/na/na/rnt/rnl/java/RntX.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
     
  6. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    Hi. :) Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab

    Your next step is to go here & install ALL critical updates required for your system.
     
  7. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Hello Stillearning, I deleted the selected file as instructed and downloaded the critical updates but am still getting hijacked. By looking at the Hijack log that I ran this morning some of the "Host" files are back and so is the proxy override = localhost file that I deleted a day or two ago. Are they getting back in as fast as I can delete them? I do not have a firewall but am considering getting one. Would a firewall stop this from happening? Is Active X doing this to me and if so how do I turn Active X off or are there other ways to keep Active X and still be protected? I thank you very much for taking the time to help me with these problems.



    Logfile of HijackThis v1.97.7
    Scan saved at 7:48:15 AM, on 4/22/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\SYSTEM\LXAMSP32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\SPAMKILLER\SPAMKILLER.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
    O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\mcafee.com\SpamKiller\SpamKiller.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
    O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
    O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.1847453704
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.rightnowtech.com/na/na/rnt/rnl/java/RntX.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
     
  8. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    Looking at that log the critical update isn't installed. IE6 should have SP1 installed otherwise you are still vulnerable to certain exploits. You can install spywareblaster to protect you from bad active x installs. Also spybot is able to install a list of known baddies into your hosts file, preventing redirection there. Can't remember offhand where the setting is for that. A small program called ie-spyad does the same.

    Boot into safe mode & delete these entries with HJT making certain that only HJT is open.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch

    reboot normally once done.

    Firewalls are a must. Zonealarm & sygate both offer excellent free versions & are easy to use.
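
Added example (not part of the thread and not HijackThis's own code): the question raised in post 7, whether fixed entries are coming back, can be answered by diffing successive scans. This Python script parses the `R1`/`O1`/`O10` lines excerpted from the 4/20, 4/21 and 4/22 logs above, separates well-formed hosts redirects from script fragments, and lists entries that were absent after a fix and then returned; all function names are this example's own.

```python
import ipaddress
import re

# Excerpts of three scans posted in the thread (only the lines under discussion).
SCAN_0420 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: }
O1 - Hosts: "')", Timeout);
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
"""
SCAN_0421 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
"""
SCAN_0422 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
"""

# "<section> - <body>", e.g. "O1 - Hosts: 1.2.3.4 example.test"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, body) entries in a HijackThis log.

    Header and process lines do not match the entry pattern and are skipped;
    duplicate lines collapse into one entry.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def classify_hosts(body):
    """Split an O1 body into ('redirect', ip, host) or ('fragment', text)."""
    text = body[len("Hosts:"):].strip()
    parts = text.split()
    if len(parts) >= 2:
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            pass  # first token is not an address: not a hosts mapping
        else:
            return ("redirect", str(ip), parts[1].lower())
    return ("fragment", text)


def hosts_summary(entries):
    """Group O1 redirects by target IP and collect non-mapping fragments."""
    redirects, fragments = {}, []
    for section, body in entries:
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        kind, *rest = classify_hosts(body)
        if kind == "redirect":
            redirects.setdefault(rest[0], set()).add(rest[1])
        else:
            fragments.append(rest[0])
    return {ip: sorted(h) for ip, h in redirects.items()}, sorted(fragments)


def reappeared(scans):
    """Map each entry that was present, then absent, then present again
    to the label of the scan in which it first came back.

    `scans` is a chronological list of (label, entries) pairs.
    """
    result = {}
    seen, removed = set(), set()
    for label, entries in scans:
        for entry in entries & removed:
            result.setdefault(entry, label)
        removed = (removed | (seen - entries)) - entries
        seen |= entries
    return result


SCANS = [
    ("4/20/04", parse_entries(SCAN_0420)),
    ("4/21/04", parse_entries(SCAN_0421)),
    ("4/22/04", parse_entries(SCAN_0422)),
]

if __name__ == "__main__":
    redirects, fragments = hosts_summary(SCANS[0][1])
    print("redirects in first scan:", redirects)
    print("non-mapping hosts lines:", fragments)
    for (section, body), label in sorted(reappeared(SCANS).items()):
        print(f"came back in {label} scan: {section} - {body}")
```

Entries that return after being fixed point to something still running that rewrites them, so the follow-up is to find that writer rather than to keep deleting the same lines.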
     
  9. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    I deleted the files in safe mode that you mentioned in your last reply but they are back. When I tried to install the critical update I get a message that reads "A previous installation has pending work requiring a reboot. You need to restart your computer to complete that installation before running Internet Explorer Setup. Setup will now close." I can remember getting that message a long time ago when I downloaded several updates but I had forgotten about it. How can I remedy this problem and get the critical update to complete the installation?
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Reboot your machine and post another log.
     
  11. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Hello cybertech, Here's the latest log. By the way when I try to save the Hijack log I get a message that says "Windows cannot locate C:\ BMP.exe. This file is needed to run this file or something like that." I have tried to locate it without success. What can I do to fix the problem?
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You didn't post the log.
     
  13. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Sorry, I guess I got sidetracked. Since sending the last reply I have downloaded the Zonealarm firewall program. Here's the log.




    Logfile of HijackThis v1.97.7
    Scan saved at 7:30:10 PM, on 4/24/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\LXAMSP32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
    C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: etnet.com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: Id('myScript').src = "";
    O1 - Hosts: ElementById('myScript').src = Url;
    O1 - Hosts: }
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
    O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\mcafee.com\SpamKiller\SpamKiller.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
    O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
    O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.1847453704
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.rightnowtech.com/na/na/rnt/rnl/java/RntX.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and check:

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB

    Close all browser windows and applications before clicking "fix checked".

    What of your original problems still exist?
     
  15. flpanhead

    flpanhead Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    9
    Deleted the 2 files per instructions. Haven't been hijacked since downloading the firewall. Problem 1: The computer will still lock up and when I hit ctrl/alt/del I am still getting the message that says "System resources are dangerously low, would I like to terminate the following application?" Then it goes through the list of things that are running as I click ctrl/alt/del each time and close some of the programs. I don't know if I should close all of them so I usually either hit ctrl/alt/del a second time and the computer restarts or I have to hit the power button to get it to do anything. My computer has 384 megs of SDRAM so should I be that low on resources? Problem 2: Can't seem to get the critical update to finish installation (see reply #9 to get the specifics.) Thanks!
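
An added example (not part of the thread and not HijackThis's own logic): a small Python triage pass over lines taken from the log posted earlier in this thread. The two heuristics are assumptions of this example: O1 hosts-file entries that either point a name at a non-loopback address or are not a valid address/name pair, and O16 downloads whose source is a bare IP address.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Subset of the log posted in this thread, including one of its repeated lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: etnet.com
O1 - Hosts: Id('myScript').src = "";
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.149/code/PWActiveXImgCtl.CAB
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "<section> - <body>"

def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def triage(log_text):
    """Return unique (section, kind, detail) findings for manual review."""
    findings = []
    # dict.fromkeys drops repeated lines while keeping their first-seen order.
    for line in dict.fromkeys(l.strip() for l in log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split("#")[0].split()
            ip = parse_ip(fields[0]) if len(fields) == 2 else None
            if ip is None:
                # Not "<address> <name>": stray text sitting in the hosts file.
                findings.append((section, "malformed", " ".join(fields)))
            elif not (ip.is_loopback or ip.is_unspecified):
                # Loopback / 0.0.0.0 mappings are the usual blocklist pattern.
                findings.append((section, "redirect", f"{fields[1]} -> {ip}"))
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host and parse_ip(host) is not None:
                findings.append((section, "ip-literal-download", host))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A finding here only marks a line for a human to look at; entries such as the `mdac_runonce` Run key named in reply 14 are outside what these two heuristics cover.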
     
Short URL to this thread: https://techguy.org/221787