
I really need help on this!!! I have no idea what has happened to my computer!!!

Discussion in 'Virus & Other Malware Removal' started by Americanna, May 2, 2003.

Thread Status:
Not open for further replies.
  1. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    Well I have been having problems for the past couple days with my computer... My family has a computer set up where each user has their own private desktop and settings well the virus only seems to be in my account.... My virus scanner detected it and keeps detecting extra files from it .... I don't know what to do ...
    Every time I sign on to the internet browser I'll be fine for a couple minutes then all of a sudden all these white blank pages pop up... and cover the whole desktop including the taskbar .... Then I have to hit the windows icon button on my keyboard to bring the pages back... Then it goes away then comes back so on and so on... Then the taskbar is filled with like 60 to 70 pages that I can't close because they are all blank ..... and cover everything.... It started when I was either logged in MSN or when my friend was copying a cd to another cd on my computer... If anyone can help I would be so thankful.... I have gotten some great advice on this site... and recommend it to anyone with a computer problem... Thank you if I have any more info I'll be sure to let you all know..... :( :mad:
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    hi.............need to know what your antivirus named the virus it found........then we can find the specific instructions on removal.

    can you also go here: http://housecall.trendmicro.com/
    and do an online scan as a second opinion.
    and here: http://www.lurkhere.com/~nicefiles/
    download "startuplist" run the program........copy/paste the generated textfile here in your next post along with housecalls findings.
    thanx;)
     
  3. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    Trojan Name Risk Assessment
    JS/Seeker.gen

    I think that is what it was called....
    Could be from those freescratch cards?? That everyone is talking about?
    Cause my computer has them too and I been trying to get rid of them and ever since I them this has been going on....

    Is there any way I can find the name of both the viruses.... Are the links you gave me to do that... If so what do I do when I enter them.... The only way I am getting on the internet is through my sister's account....
     
  4. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    They found no viruses... I did the housecall... They found nothing....what did you want me to paste?
     
  5. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    Copy and paste "StartupList".
     
  6. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    I went back on my name and the virus detector was on and it said it had found this ......

    C:\Documents and Settings\Carly\Local Settings\Temporary Internet Files\Content.IE5\WPY7ST2F\Search Creator[1].js was infected by the ......JS/Seeker.gen.e



    Here is the "STARTUPLIST" that I got .... This is all my files.......

    StartupList report, 5/2/2003, 8:16:24 AM
    StartupList version: 1.52
    Started from : C:\unzipped\startuplist1521[1]\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Save\Save.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\DownloadWare\dw.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\nCase\msbb.exe
    C:\WINDOWS\TVMD.exe
    C:\Program Files\Common Files\Presentia\LTDMgr.exe
    C:\Program Files\Common Files\Presentia\LSvr.exe
    C:\Program Files\Hotbar\bin\4.2.8.0\HbInst.exe
    C:\WINDOWS\SYSTEM32\tbctray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM95\aim.exe
    C:\PROGRA~1\CLOCKS~1\Sync.exe
    C:\Program Files\WeatherCast\Weather.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hotbar\bin\4.2.8.0\HbSrv.exe
    C:\unzipped\startuplist1521[1]\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    Digital Line Detect.lnk = ?
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    BCMSMMSG = BCMSMMSG.exe
    DVDSentry = C:\WINDOWS\System32\DSentry.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    VirusScan Online = c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe
    Lexmark X74-X75 = "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    ComcastSUPPORT = C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    WhenUSave = C:\PROGRA~1\Save\Save.exe
    DownloadWare = "C:\Program Files\DownloadWare\dw.exe" /H
    yqmpxitv = C:\WINDOWS\System32\yqmpxitv.exe
    mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    msbb = C:\Program Files\nCase\msbb.exe
    GMTZDJQWG = C:\WINDOWS\GMTZDJQWG.exe
    MemoryMeter = C:\Program Files\MemoryMeter\MemoryMeter.exe
    TVMD = C:\WINDOWS\TVMD.exe
    LTDMgr = C:\Program Files\Common Files\Presentia\LTDMgr.exe
    LSvr = C:\Program Files\Common Files\Presentia\LSvr.exe
    FZGMTZAGN = C:\WINDOWS\FZGMTZAGN.exe
    QISA = C:\WINDOWS\QISA.exe
    HBOC = C:\WINDOWS\HBOC.exe
    KRXELRYIO = C:\WINDOWS\KRXELRYIO.exe
    Hotbar = C:\Program Files\Hotbar\bin\4.2.8.0\HbInst.exe /Upgrade
    TraySantaCruz = C:\WINDOWS\SYSTEM32\tbctray.exe
    LexPPS.exe = C:\WINDOWS\System32\lexpps.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl
    ClockSync = C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    WeatherCast = C:\Program Files\WeatherCast\Weather.exe /q
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\SSTEXT3D.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\DOCUME~1\Corey\APPLIC~1\oajblsbrglr.dll - {17fd9d8f-9248-428b-8132-3c98874f1c57}
    (no name) - C:\DOCUME~1\Cindy\APPLIC~1\oajblsbrglr.dll - {73b2cd05-9bf7-48d6-ac40-9e6071674b0c}
    Support Software - C:\Program Files\Support Software\SS1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    Hotbar - C:\Program Files\Hotbar\bin\4.2.8.0\HbHostIE.dll - {B195B3B3-8A05-11D3-97A4-0004ACA6948E}
    (no name) - C:\DOCUME~1\Babygirl\APPLIC~1\oajblsbrglb.dll - {D44B5436-B3E4-4595-B0E9-106690E70A58}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    McAfee.com Update Check (DJZ74F21-Owner).job
    McAfee.com Update Check (STACEY-Babygirl).job
    McAfee.com Update Check (STACEY-Carly).job
    McAfee.com Update Check (STACEY-Cindy).job
    McAfee.com Update Check (STACEY-Corey).job
    McAfee.com Update Check (STACEY-Fran).job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Musicnotes Viewer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\mnviewer.dll
    CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [HbInstObj Class]
    InProcServer32 = C:\Program Files\Hotbar\bin\4.2.8.0\HbInstIE.dll
    CODEBASE = http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

    [nCaseInstaller Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll
    CODEBASE = http://bis.180solutions.com/activexinstallers/291/nCaseInstaller.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003042101/housecall.antivirus.com/housecall/xscan53.cab

    [PSSetup Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PSOCX.dll
    CODEBASE = http://www.adsvr.net/PowerStrip/PSOCX.cab

    [{A1DC3241-B122-195F-B21A-000000000000}]
    CODEBASE = http://www.blowsearch.com/TB/The_Ultimate_Browser_Enhancer.exe

    [{AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B}]
    CODEBASE = http://www.totalvelocity.com/MemoryMeterbb.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{EB6AFDAB-E16D-430B-A5EE-0408A12289DC}]
    CODEBASE = http://download.fordaleltd.com/install/setup.cab

    [{ED3ADB6E-5AA9-41B0-9DDC-6F31A34552BE}]
    CODEBASE = http://206.161.193.101/install.exe

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [{FC327B3F-377B-4CB7-8B61-27CD69816BC3}]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SNDbMark.dll
    CODEBASE = http://www.clock-sync.com/ClockSyncAutoSYNC0014.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 9,614 bytes
    Report generated in 0.407 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only




    I think this is from my whole computer !!!!! I could only do this on my sister's account!!! Mine won't let me!!!!:mad:
     
  7. Gordon7000

    Gordon7000

    Joined:
    Mar 22, 2003
    Messages:
    213
    Hi Americanna,

    You've got WhenUSave, Hotbar, and other malware. However, could you deal with the Trojan first please. Go to the link below and download a 30-Day evaluation copy of Trojan Hunter. Run this program to clear up the trojan, and afterward post a HijackThis log to the forum (in addition to the StartupList log you've already provided).

    http://www.misec.net/

    WhenUSave and Hotbar will need to be uninstalled from Add/Remove Programs (if listed) before doing any of the fixes with HijackThis. Someone here will guide you through the procedure.

    Run Spybot Search and Destroy after you've uninstalled those programs from Add/Remove. Again, someone will guide you on how to download and use Spybot.

    Regards, Gordon
     
  8. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    Just plain out of interest, would anyone be able to say what these are? They do look pretty dodgy, and I suspect they may be spyware.

    BCMSMMSG = BCMSMMSG.exe
    FZGMTZAGN = C:\WINDOWS\FZGMTZAGN.exe
    QISA = C:\WINDOWS\QISA.exe
    HBOC = C:\WINDOWS\HBOC.exe
    KRXELRYIO = C:\WINDOWS\KRXELRYIO.exe
    yqmpxitv = C:\WINDOWS\System32\yqmpxitv.exe
    GMTZDJQWG = C:\WINDOWS\GMTZDJQWG.exe
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    The first is a BCM voicemodem driver.

    The rest are all malware, I should think.
    Yqmpxitv is probably Free_Scratch_Cards spyware, and the rest very likely backdoor trojans or worms.

    These are Powerstrip spyware:

    LTDMgr = C:\Program Files\Common Files\Presentia\LTDMgr.exe
    LSvr = C:\Program Files\Common Files\Presentia\LSvr.exe


    And so on... :rolleyes:
     
  10. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    one thing at a time, let's not confuse things :)
    download trojan hunter from the site gordon posted. there should be an update button somewhere.......download any updates and then do a full system scan.......let the hunter clean anything it finds.

    now go here: http://beam.to/spybotsd
    download "spybot" and install it. hit the "search for updates" tab and download whatever there is.
    now hit the "settings" and then "file sets" tabs and uncheck "system internals" and "usage tracking"
    now it's time to see what spyware baddies you have.
    at the top of the window just under where the "file", "language" and "help" buttons are, hit the "spybot s&d" button (with the magnifying glass). now you're on the main window....now close all browser windows and hit the "check for problems" button and you're away.....don't be alarmed if spybot finds a lot of stuff, it's pretty normal 1st time around.
    after the scan hit "fix selected problems"

    re-boot the comp and run "startuplist" again and post another list.
    we are not quite done yet but all will be well soon ;)
     
  11. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    What is a HIJACK THIS log?
     
  12. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
  13. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    Here is my hijackthis log I hope I did it right.....




    Logfile of HijackThis v1.93.0
    Scan saved at 12:43:08 AM, on 5/3/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://is1.websearch.com/huntsp.wbcrwl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.comcast.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://is1.websearch.com/huntsp.wbcrwl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=http://localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {17fd9d8f-9248-428b-8132-3c98874f1c57} - C:\DOCUME~1\Corey\APPLIC~1\oajblsbrglr.dll
    O2 - BHO: (no name) - {73b2cd05-9bf7-48d6-ac40-9e6071674b0c} - C:\DOCUME~1\Cindy\APPLIC~1\oajblsbrglr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [yqmpxitv] C:\WINDOWS\System32\yqmpxitv.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [GMTZDJQWG] C:\WINDOWS\GMTZDJQWG.exe
    O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.exe
    O4 - HKLM\..\Run: [LTDMgr] C:\Program Files\Common Files\Presentia\LTDMgr.exe
    O4 - HKLM\..\Run: [LSvr] C:\Program Files\Common Files\Presentia\LSvr.exe
    O4 - HKLM\..\Run: [FZGMTZAGN] C:\WINDOWS\FZGMTZAGN.exe
    O4 - HKLM\..\Run: [HBOC] C:\WINDOWS\HBOC.exe
    O4 - HKLM\..\Run: [KRXELRYIO] C:\WINDOWS\KRXELRYIO.exe
    O4 - HKLM\..\Run: [AHKQXUE] C:\WINDOWS\AHKQXUE.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.5\THGuard.exe"
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/291/nCaseInstaller.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003042101/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7704D8D8-9EFE-4D82-9C89-0ECBA8434EEE} (PSSetup Class) - http://www.adsvr.net/PowerStrip/PSOCX.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.totalvelocity.com/MemoryMeterbb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030429.exe
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0021.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ao.lop.com
    O17 - HKLM\Software\..\Telephony: DomainName = ao.lop.com
     
  14. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    Does reboot mean restart computer???
     
  15. Americanna

    Americanna Thread Starter

    Joined:
    Apr 6, 2003
    Messages:
    37
    Here is the startup list..... I restarted the computer.... Then did a startuplist......


    Oh and I got a question about something else.... I erased my whole account and made a new one so all my files and everything are gone.... My new was missing later.... Is it possible for me to make a new one??




    StartupList report, 5/3/2003, 12:50:04 AM
    StartupList version: 1.52
    Started from : C:\unzipped\startuplist1521[1]\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\TVMD.exe
    C:\Program Files\Common Files\Presentia\LTDMgr.exe
    C:\Program Files\Common Files\Presentia\LSvr.exe
    C:\Program Files\TrojanHunter 3.5\THGuard.exe
    C:\WINDOWS\SYSTEM32\tbctray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\startuplist1521[1]\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    Digital Line Detect.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    BCMSMMSG = BCMSMMSG.exe
    DVDSentry = C:\WINDOWS\System32\DSentry.exe
    MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    VirusScan Online = c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe
    Lexmark X74-X75 = "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
    ComcastSUPPORT = C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    yqmpxitv = C:\WINDOWS\System32\yqmpxitv.exe
    mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    GMTZDJQWG = C:\WINDOWS\GMTZDJQWG.exe
    TVMD = C:\WINDOWS\TVMD.exe
    LTDMgr = C:\Program Files\Common Files\Presentia\LTDMgr.exe
    LSvr = C:\Program Files\Common Files\Presentia\LSvr.exe
    FZGMTZAGN = C:\WINDOWS\FZGMTZAGN.exe
    HBOC = C:\WINDOWS\HBOC.exe
    KRXELRYIO = C:\WINDOWS\KRXELRYIO.exe
    AHKQXUE = C:\WINDOWS\AHKQXUE.exe
    THGuard = "C:\Program Files\TrojanHunter 3.5\THGuard.exe"
    TraySantaCruz = C:\WINDOWS\SYSTEM32\tbctray.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\SSTEXT3D.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\DOCUME~1\Corey\APPLIC~1\oajblsbrglr.dll - {17fd9d8f-9248-428b-8132-3c98874f1c57}
    (no name) - C:\DOCUME~1\Cindy\APPLIC~1\oajblsbrglr.dll - {73b2cd05-9bf7-48d6-ac40-9e6071674b0c}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    McAfee.com Update Check (DJZ74F21-Owner).job
    McAfee.com Update Check (STACEY-America).job
    McAfee.com Update Check (STACEY-Babygirl).job
    McAfee.com Update Check (STACEY-Carly).job
    McAfee.com Update Check (STACEY-Cindy).job
    McAfee.com Update Check (STACEY-Corey).job
    McAfee.com Update Check (STACEY-Fran).job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Musicnotes Viewer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\mnviewer.dll
    CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [nCaseInstaller Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll
    CODEBASE = http://bis.180solutions.com/activexinstallers/291/nCaseInstaller.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003042101/housecall.antivirus.com/housecall/xscan53.cab

    [PSSetup Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PSOCX.dll
    CODEBASE = http://www.adsvr.net/PowerStrip/PSOCX.cab

    [{AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B}]
    CODEBASE = http://www.totalvelocity.com/MemoryMeterbb.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{D9EC0A76-03BF-11D4-A509-0090270F86E3}]
    CODEBASE = http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030429.exe

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [{FC327B3F-377B-4CB7-8B61-27CD69816BC3}]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SNDbMark.dll
    CODEBASE = http://www.getweathercast.com/WeatherAutoCAST0021.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 8,016 bytes
    Report generated in 0.047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    I want to thank you guys so much for helping me through this all... You all helped me on my last problem and I will continue to come here for advice....

    I have other questions but they can wait til after all this .... We'll do one thing at a time!!
    :)

    Americanna
     
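An added example, not part of the original thread: a small Python script that compares the Run sections of the two StartupList reports posted above, listing which autorun entries went away, which are new, and which surviving entries match the pattern Corrosive asked about (value name identical to the executable name, file sitting directly in C:\WINDOWS or System32). The function names and the `SYSTEM_DIRS` heuristic are assumptions made for this example, and the embedded reports are shortened excerpts of the ones in the posts.

```python
import re
from pathlib import PureWindowsPath

# Excerpts of the Run sections from the two StartupList reports posted in this
# thread (5/2/2003 and 5/3/2003), shortened to a few entries each.
BEFORE = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BCMSMMSG = BCMSMMSG.exe
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WhenUSave = C:\PROGRA~1\Save\Save.exe
yqmpxitv = C:\WINDOWS\System32\yqmpxitv.exe
GMTZDJQWG = C:\WINDOWS\GMTZDJQWG.exe
QISA = C:\WINDOWS\QISA.exe
Hotbar = C:\Program Files\Hotbar\bin\4.2.8.0\HbInst.exe /Upgrade

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl

--------------------------------------------------
"""

AFTER = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BCMSMMSG = BCMSMMSG.exe
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
yqmpxitv = C:\WINDOWS\System32\yqmpxitv.exe
GMTZDJQWG = C:\WINDOWS\GMTZDJQWG.exe
AHKQXUE = C:\WINDOWS\AHKQXUE.exe
THGuard = "C:\Program Files\TrojanHunter 3.5\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------
"""

SECTION = "Autorun entries from Registry:"
# Directories where a self-named autorun binary deserves a second look
# (a heuristic chosen for this example, not a rule stated in the thread).
SYSTEM_DIRS = {".", r"c:\windows", r"c:\windows\system32"}
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_run_entries(report):
    """Return {(registry_key, value_name): command} for every Run section."""
    entries = {}
    lines = iter(report.splitlines())
    for line in lines:
        if line.strip() != SECTION:
            continue
        key = next(lines, "").strip()      # line after the header is the key
        for entry in lines:                # consume entries up to the rule
            entry = entry.strip()
            if entry.startswith("-----"):
                break
            if " = " in entry:
                name, command = entry.split(" = ", 1)
                entries[(key, name)] = command
    return entries


def executable(command):
    """Strip quotes and arguments from a Run command line."""
    m = EXE_RE.match(command)
    return PureWindowsPath((m.group(1) or m.group(2)) if m else command)


def needs_review(name, command):
    """Value name equals the file name and the file sits in a system dir."""
    exe = executable(command)
    return (exe.stem.lower() == name.lower() and exe.stem.isalpha()
            and str(exe.parent).lower() in SYSTEM_DIRS)


def compare(before_text, after_text):
    """Diff two reports and list surviving entries that match the heuristic."""
    before, after = parse_run_entries(before_text), parse_run_entries(after_text)
    return {
        "removed": sorted(n for _, n in before.keys() - after.keys()),
        "added": sorted(n for _, n in after.keys() - before.keys()),
        "review": sorted(
            (n, "new" if (k, n) not in before else "persisted")
            for (k, n), cmd in after.items() if needs_review(n, cmd)),
    }


if __name__ == "__main__":
    for section, items in compare(BEFORE, AFTER).items():
        print(section, items)
```

The review list is a set of leads, not verdicts: it includes BCMSMMSG, which TonyKlein identifies above as a BCM voicemodem driver. It also shows AHKQXUE as a new entry in the second report while yqmpxitv and GMTZDJQWG are still present.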

Short URL to this thread: https://techguy.org/131626
