
Solved: HELP tried everything nothing is working res:SHDOCLC.DLL/dnserror.htm

Discussion in 'Web & Email' started by dannohahn, Nov 30, 2005.

  1. dannohahn

    dannohahn Thread Starter

    I've been searching different forums and trying to solve this problem, but nothing has been working.

    Internet Explorer won't load web pages on other profiles on this computer, but it works on mine. The message reads res://c:\windows\system\SHDOCLC.DLL/dnserror.htm on the bottom of IE.

    I hear HijackThis helps out with solving problems, so here's the log from the problem profile:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:45:34 PM, on 11/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\3DMouse\3DMouse.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\WINDOWS\System32\umonit.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CenturyTel\fptool.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Common Files\AOL\1124921170\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1124921170\ee\AOLServiceHost.exe
    C:\Program Files\CenturyTel FastLine Accelerator\PropelAC.exe
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trafficzap.com/exchange/traffic.php?id=41420&refurl=http://www.myfreesoftware.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    O2 - BHO: (no name) - {1AA63441-83FF-DE7F-80BB-F00A725BA79D} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {1CF76E47-DEFF-8F28-80BB-F00A725BA79C} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {29DA5E47-F3CC-BA1C-AD8B-C027426B8AAC} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {2F8B0441-AECC-EB4B-AD8B-C027426B8AAD} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {457777B8-D23B-94B0-00C1-E4D5BDA6BDFF} - blank (file missing)
    O2 - BHO: (no name) - {526FF3EE-0730-15EF-0681-30B8FBC0A3AB} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5734F3E8-046F-44EB-0681-30B8FBC0A3AA} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {6219C3E8-295C-71DF-2BB1-0095CBF08E9A} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {6742C3EE-2A03-20DB-2BB1-0095CBF08E9B} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {7283F4D5-0054-11D4-3BA2-628D18CFDFFF} - (no file)
    O2 - BHO: (no name) - {7AFBCCE8-383F-7BEB-0441-0C9B397DD9AF} - (no file)
    O2 - BHO: (no name) - {8DD59BF0-3D25-7FFF-4535-5B9E198924FE} - blank (file missing)
    O2 - BHO: (no name) - {91A0B37E-13A4-0028-9FB8-234934BE61F5} - blank (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9B070AE9-E503-BC85-7454-CE09821575C6} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {9E5608B8-E003-EF86-7454-CE09821575C1} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AB7B38B8-CD30-DAB2-5964-FE24B22558F1} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {AE2A3AE9-C830-89B1-5964-FE24B22558F6} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {B6B44223-EFAA-FD2C-C06D-8E9379491FAE} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: (no name) - {CCA3C1C8-6413-209B-25E3-567E373A3AF2} - blank (file missing)
    O2 - BHO: (no name) - {CDF793C9-6541-7391-25E3-567E373A6BA6} - blank (file missing)
    O2 - BHO: (no name) - {F8DAA3C9-4872-46A5-08D3-6653070A4696} - blank (file missing)
    O2 - BHO: (no name) - {F98EF1C8-4920-15AF-08D3-6653070A17C2} - blank (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {7435856C-6CA1-45CF-A00D-82178387F223} - (no file)
    O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\CenturyTel FastLine Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\CenturyTel\fptool.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\CenturyTel FastLine Accelerator\pac-addwl.html
    O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js
    O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4437/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe




    Hope somebody can help, I'm getting really frustrated with this. Thanks.
     
  2. MFDnNC

    MFDnNC

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log. If the Ewido log is too large, attach it.
     
  3. dannohahn

    dannohahn Thread Starter

    Thanks for the reply.
    The ewido solved the problem, but will it be permanent? The search also got rid of my dial-up. I noticed it said "cleaned with back"; can I restore this? Here are the new logs:


    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 12:17:29 AM, 12/1/2005
    + Report-Checksum: 79718803

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
    HKU\S-1-5-21-1123561945-884357618-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F} -> Spyware.JKSearch : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mommy\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Mommy\Application Data\Mozilla\Profiles\Hahn\hi8mnk9n.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Mommy\Application Data\Mozilla\Profiles\Hahn\hi8mnk9n.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Mommy\Application Data\Mozilla\Profiles\Hahn\hi8mnk9n.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Mommy\Application Data\Mozilla\Profiles\Hahn\hi8mnk9n.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Mommy\Application Data\Mozilla\Profiles\Hahn\hi8mnk9n.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Dan the man\Cookies\dan the [email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Dan the man\Cookies\dan the [email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Dan the man\Cookies\dan the [email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Dan the man\Cookies\dan the [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\Joseph\tniqrdvg.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\Joseph\tniqrdvg.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Program Files\CenturyTel\Connection Manager\TICM32.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\Program Files\CenturyTel\FPSetup.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP178\A0023404.exe -> Spyware.PurityScan : Cleaned with backup
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP180\A0023430.dll -> Spyware.PurityScan : Cleaned with backup
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP210\A0026289.dll -> Spyware.PurityScan : Cleaned with backup


    ::Report End

    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:39 AM, on 12/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\3DMouse\3DMouse.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\WINDOWS\System32\umonit.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\CenturyTel\fptool.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CenturyTel FastLine Accelerator\PropelAC.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trafficzap.com/exchange/traffic.php?id=41420&refurl=http://www.myfreesoftware.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    O2 - BHO: (no name) - {1AA63441-83FF-DE7F-80BB-F00A725BA79D} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {1CF76E47-DEFF-8F28-80BB-F00A725BA79C} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {29DA5E47-F3CC-BA1C-AD8B-C027426B8AAC} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {2F8B0441-AECC-EB4B-AD8B-C027426B8AAD} - C:\WINDOWS\system32\kgzvwu.dll
    O2 - BHO: (no name) - {457777B8-D23B-94B0-00C1-E4D5BDA6BDFF} - blank (file missing)
    O2 - BHO: (no name) - {526FF3EE-0730-15EF-0681-30B8FBC0A3AB} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5734F3E8-046F-44EB-0681-30B8FBC0A3AA} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {6219C3E8-295C-71DF-2BB1-0095CBF08E9A} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {6742C3EE-2A03-20DB-2BB1-0095CBF08E9B} - C:\WINDOWS\system32\nhziyvn.dll
    O2 - BHO: (no name) - {7283F4D5-0054-11D4-3BA2-628D18CFDFFF} - (no file)
    O2 - BHO: (no name) - {7AFBCCE8-383F-7BEB-0441-0C9B397DD9AF} - (no file)
    O2 - BHO: (no name) - {8DD59BF0-3D25-7FFF-4535-5B9E198924FE} - blank (file missing)
    O2 - BHO: (no name) - {91A0B37E-13A4-0028-9FB8-234934BE61F5} - blank (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9B070AE9-E503-BC85-7454-CE09821575C6} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {9E5608B8-E003-EF86-7454-CE09821575C1} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AB7B38B8-CD30-DAB2-5964-FE24B22558F1} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {AE2A3AE9-C830-89B1-5964-FE24B22558F6} - C:\WINDOWS\system32\qlvunb.dll
    O2 - BHO: (no name) - {B6B44223-EFAA-FD2C-C06D-8E9379491FAE} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: (no name) - {CCA3C1C8-6413-209B-25E3-567E373A3AF2} - blank (file missing)
    O2 - BHO: (no name) - {CDF793C9-6541-7391-25E3-567E373A6BA6} - blank (file missing)
    O2 - BHO: (no name) - {F8DAA3C9-4872-46A5-08D3-6653070A4696} - blank (file missing)
    O2 - BHO: (no name) - {F98EF1C8-4920-15AF-08D3-6653070A17C2} - blank (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {7435856C-6CA1-45CF-A00D-82178387F223} - (no file)
    O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\CenturyTel FastLine Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\CenturyTel\fptool.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\CenturyTel FastLine Accelerator\pac-addwl.html
    O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js
    O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4437/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe




    Thank you so much
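
Added example, not part of the thread and not HijackThis's own logic: a short Python parser for the R3/O2/O3 lines of a HijackThis log like the ones posted above, listing registrations that point at a missing file or that have no name and load a DLL directly from system32. The two review rules and all function names are assumptions made for this illustration; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# R3/O2/O3 lines share one shape:
#   <code> - <kind>: <name> - {CLSID} - <target>
ENTRY_RE = re.compile(
    r"^(?P<code>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"
)
# A DLL sitting directly in system32 (no vendor sub-directory).
SYSTEM32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - {1AA63441-83FF-DE7F-80BB-F00A725BA79D} - C:\WINDOWS\system32\kgzvwu.dll
O2 - BHO: (no name) - {1CF76E47-DEFF-8F28-80BB-F00A725BA79C} - C:\WINDOWS\system32\kgzvwu.dll
O2 - BHO: (no name) - {457777B8-D23B-94B0-00C1-E4D5BDA6BDFF} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
"""


@dataclass(frozen=True)
class Entry:
    code: str    # HijackThis section code: R3, O2 or O3
    kind: str    # URLSearchHook, BHO or Toolbar
    name: str    # display name, "(no name)" when the registration has none
    clsid: str   # COM class id without braces
    target: str  # file path, or a "(no file)" / "(file missing)" marker


def parse_entries(log_text):
    """Return the R3/O2/O3 entries of a log; every other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(**match.groupdict()))
    return entries


def review_reason(entry):
    """Assumed review rules for this example; returns None when neither applies."""
    if "(no file)" in entry.target or "(file missing)" in entry.target:
        return "registration points at a missing file"
    if entry.name == "(no name)" and SYSTEM32_DLL_RE.match(entry.target):
        return "unnamed component loading a DLL directly from system32"
    return None


def triage(log_text):
    """List (entry, reason) pairs that a person should look at, in log order."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = review_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def clsids_by_dll(flagged):
    """Group flagged CLSIDs by DLL path; several ids on one DLL stand out."""
    groups = defaultdict(list)
    for entry, _ in flagged:
        if entry.target.lower().endswith(".dll"):
            groups[entry.target.lower()].append(entry.clsid)
    return dict(groups)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for entry, reason in results:
        print(f"{entry.code} {entry.kind} {{{entry.clsid}}}: {reason}")
    for dll, ids in clsids_by_dll(results).items():
        print(f"{dll}: {len(ids)} CLSID(s)")
```

The output is a review list only; whether an entry is removed remains a decision for someone who knows what is installed on the machine.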
     
  4. MFDnNC

    MFDnNC

    In normal mode - Run Ewido, click on the Quarantine tab, select those 2 entries and click on restore


    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

    O2 - BHO: (no name) - {1AA63441-83FF-DE7F-80BB-F00A725BA79D} - C:\WINDOWS\system32\kgzvwu.dll

    O2 - BHO: (no name) - {1CF76E47-DEFF-8F28-80BB-F00A725BA79C} - C:\WINDOWS\system32\kgzvwu.dll

    O2 - BHO: (no name) - {29DA5E47-F3CC-BA1C-AD8B-C027426B8AAC} - C:\WINDOWS\system32\kgzvwu.dll

    O2 - BHO: (no name) - {2F8B0441-AECC-EB4B-AD8B-C027426B8AAD} - C:\WINDOWS\system32\kgzvwu.dll

    O2 - BHO: (no name) - {457777B8-D23B-94B0-00C1-E4D5BDA6BDFF} - blank (file missing)

    O2 - BHO: (no name) - {526FF3EE-0730-15EF-0681-30B8FBC0A3AB} - C:\WINDOWS\system32\nhziyvn.dll

    O2 - BHO: (no name) - {5734F3E8-046F-44EB-0681-30B8FBC0A3AA} - C:\WINDOWS\system32\nhziyvn.dll

    O2 - BHO: (no name) - {6219C3E8-295C-71DF-2BB1-0095CBF08E9A} - C:\WINDOWS\system32\nhziyvn.dll

    O2 - BHO: (no name) - {6742C3EE-2A03-20DB-2BB1-0095CBF08E9B} - C:\WINDOWS\system32\nhziyvn.dll

    O2 - BHO: (no name) - {7283F4D5-0054-11D4-3BA2-628D18CFDFFF} - (no file)

    O2 - BHO: (no name) - {7AFBCCE8-383F-7BEB-0441-0C9B397DD9AF} - (no file)

    O2 - BHO: (no name) - {8DD59BF0-3D25-7FFF-4535-5B9E198924FE} - blank (file missing)

    O2 - BHO: (no name) - {91A0B37E-13A4-0028-9FB8-234934BE61F5} - blank (file missing)

    O2 - BHO: (no name) - {9B070AE9-E503-BC85-7454-CE09821575C6} - C:\WINDOWS\system32\qlvunb.dll

    O2 - BHO: (no name) - {9E5608B8-E003-EF86-7454-CE09821575C1} - C:\WINDOWS\system32\qlvunb.dll

    O2 - BHO: (no name) - {AB7B38B8-CD30-DAB2-5964-FE24B22558F1} - C:\WINDOWS\system32\qlvunb.dll

    O2 - BHO: (no name) - {AE2A3AE9-C830-89B1-5964-FE24B22558F6} - C:\WINDOWS\system32\qlvunb.dll

    O2 - BHO: (no name) - {B6B44223-EFAA-FD2C-C06D-8E9379491FAE} - (no file)

    O2 - BHO: (no name) - {CCA3C1C8-6413-209B-25E3-567E373A3AF2} - blank (file missing)

    O2 - BHO: (no name) - {CDF793C9-6541-7391-25E3-567E373A6BA6} - blank (file missing)

    O2 - BHO: (no name) - {F8DAA3C9-4872-46A5-08D3-6653070A4696} - blank (file missing)

    O2 - BHO: (no name) - {F98EF1C8-4920-15AF-08D3-6653070A17C2} - blank (file missing)

    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)

    O3 - Toolbar: (no name) - {7435856C-6CA1-45CF-A00D-82178387F223} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    DL http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\qlvunb.dll
    C:\WINDOWS\system32\nhziyvn.dll
    C:\WINDOWS\system32\kgzvwu.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete
    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
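
The pattern in the fix list above, as an added Python example that is not part of the original thread or of HijackThis: it parses the CLSID-bearing log lines and flags entries that are orphaned, nameless with a DLL sitting directly in system32, or one of several BHO CLSIDs registered to the same DLL. The three rule names and the heuristics are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - {1AA63441-83FF-DE7F-80BB-F00A725BA79D} - C:\WINDOWS\system32\kgzvwu.dll
O2 - BHO: (no name) - {1CF76E47-DEFF-8F28-80BB-F00A725BA79C} - C:\WINDOWS\system32\kgzvwu.dll
O2 - BHO: (no name) - {526FF3EE-0730-15EF-0681-30B8FBC0A3AB} - C:\WINDOWS\system32\nhziyvn.dll
O2 - BHO: (no name) - {457777B8-D23B-94B0-00C1-E4D5BDA6BDFF} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
"""

# "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse(log):
    """Return one dict per CLSID-bearing line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_orphan(target):
    """Registry entry whose file is gone: '(no file)' or '... (file missing)'."""
    t = target.lower()
    return t == "(no file)" or t.endswith("(file missing)")


def in_system32(target):
    """True when the file sits directly in <drive>:\\WINDOWS\\system32."""
    return ntpath.dirname(target).lower().endswith(r"\windows\system32")


def triage(log):
    """Return [(clsid, target, [reasons])] for entries worth a closer look."""
    entries = parse(log)
    # Count distinct CLSIDs per DLL within one section (e.g. all O2 BHOs).
    per_target = defaultdict(set)
    for e in entries:
        if not is_orphan(e["target"]):
            per_target[(e["section"], e["target"].lower())].add(e["clsid"])

    findings = []
    for e in entries:
        reasons = []
        if is_orphan(e["target"]):
            reasons.append("orphaned")
        else:
            # "(no name)" alone is not enough: SDHelper.dll is nameless too.
            if e["name"] == "(no name)" and in_system32(e["target"]):
                reasons.append("nameless-in-system32")
            if len(per_target[(e["section"], e["target"].lower())]) > 1:
                reasons.append("many-clsids-one-dll")
        if reasons:
            findings.append((e["clsid"], e["target"], reasons))
    return findings


if __name__ == "__main__":
    for clsid, target, reasons in triage(SAMPLE_LOG):
        print(f"{clsid}  {target}  <- {', '.join(reasons)}")
```

A flag here is a reason to look the entry up, not a verdict; the named toolbars and the Spybot helper in the same sample pass through unflagged.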
     
  5. dannohahn

    That didn't work. It was working fine after the Ewido, but after I did the last thing you said to do, it's back to the same problem. Here's the new log.



    Logfile of HijackThis v1.99.1
    Scan saved at 7:06:46 PM, on 12/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\3DMouse\3DMouse.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\WINDOWS\System32\umonit.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\CenturyTel\fptool.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CenturyTel\Connection Manager\TICM32.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    c:\program files\mcafee.com\shared\mcinfo.exe
    C:\Program Files\CenturyTel FastLine Accelerator\PropelAC.exe
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centurytel.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trafficzap.com/exchange/traffic.php?id=41420&refurl=http://www.myfreesoftware.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Daddy\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8DD59BF0-3D25-7FFF-4535-5B9E198924FE} - blank (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\CenturyTel FastLine Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\CenturyTel\fptool.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Capture Links - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCaptureLinks.js
    O8 - Extra context menu item: Capture Page - C:\Program Files\Insight Development\Net Knowledge Tools\common\MenuExtCapturePage.js
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4437/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
     
  6. MFDnNC

    Are these valid entries that you know – otherwise fix them

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/...ernet-0,00.html

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trafficzap.com/exchange/...software.com/

    After your user we need to see a log from the other user(s) one at a time

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)

    O2 - BHO: (no name) - {8DD59BF0-3D25-7FFF-4535-5B9E198924FE} - blank (file missing)

    ==================

    Please give feedback on what worked/didn’t work and the current status of your system
     
  7. dannohahn

    I've done what you said; it's still the same thing. Here are all the users' logs. Pappy's and possibly brother had the original problem. I hope these attach right. Thank you.
     


  8. MFDnNC

    Make sure you have removed My Web Search in Add/Remove Programs

    Also remove LimeShop - a likely source of infection and illegal activity

    In yours fix

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZRxdm059
    ===================
    Pappy is fine
    ============
    Mom fix

    O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZRxdm059

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    Use KillBox to delete this folder - C:\Program Files\sder and C:\Program Files\LimeShop
    ===================
    Brother fix

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029XXUS_ZRxdm059
    ========================
    http://www.kaspersky.com/virusscanner - Online scan

    When the scan is finished, anything that it cannot clean, have it delete it.
    Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
     
  9. dannohahn

    OK, did that. Here's the Kaspersky and the new HJT log. Does the Kaspersky clean automatically or what? I didn't see a clean or delete feature.

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, December 03, 2005 00:19:48
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 3/12/2005
    Kaspersky Anti-Virus database records: 162979
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 73933
    Number of viruses found: 11
    Number of infected objects: 44
    Number of suspicious objects: 0
    Duration of the scan process: 4011 sec

    Infected Object Name - Virus Name
    C:\WINDOWS\system32\nеtdde.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.s
    C:\WINDOWS\ast_4_main.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ah
    C:\WINDOWS\ast_4_main.exe Infected: Trojan-Downloader.Win32.VB.ah
    C:\Documents and Settings\Mommy\Local Settings\Temp\!update.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.r
    C:\Documents and Settings\Mommy\Application Data\tizupd.bin/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Documents and Settings\Mommy\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-222.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-952.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-731.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-127.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-763.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-292.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-961.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-954.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-212.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-453.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-791.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups\backup-20051201-174801-434.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\Documents and Settings\Dan the man\Application Data\tizupd.bin/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Documents and Settings\Dan the man\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Documents and Settings\sanchez\Application Data\tizupd.bin/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Documents and Settings\sanchez\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w
    C:\Program Files\sder\dees.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.r
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP168\A0022481.exe/data0014/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP168\A0022481.exe/data0014 Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP168\A0022481.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP168\A0022484.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP189\A0024086.exe Infected: Trojan-Downloader.Win32.PurityScan.an
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP203\A0025485.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP204\A0025494.exe Infected: not-a-virus:AdWare.Win32.PurityScan.dh
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP210\A0026306.exe/data0014/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP210\A0026306.exe/data0014 Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP210\A0026306.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP210\A0026331.exe Infected: Trojan-Downloader.Win32.PurityScan.at
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP242\A0031464.exe Infected: Trojan-Downloader.Win32.Agent.xh
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP242\A0031580.exe Infected: Trojan-Downloader.Win32.PurityScan.av
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP245\A0032527.exe Infected: Trojan-Downloader.Win32.PurityScan.av
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP255\A0036134.exe Infected: Trojan-Downloader.Win32.PurityScan.av
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP266\A0039034.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.r
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP270\A0041605.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP270\A0041606.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP270\A0041607.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP272\A0041800.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ah
    C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP272\A0041800.exe Infected: Trojan-Downloader.Win32.VB.ah

    Scan process completed.

    _________________________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 12:31:39 AM, on 12/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\3DMouse\3DMouse.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\WinPortrait\floater.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\WINDOWS\System32\umonit.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CenturyTel FastLine Accelerator\PropelAC.exe
    C:\Program Files\CenturyTel\fptool.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common Files\AOL\1124921170\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1124921170\ee\AOLServiceHost.exe
    C:\Program Files\CenturyTel\Connection Manager\TICM32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.centurytel.net/"); (C:\Program Files\Netscape\Users\cny52823\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\CenturyTel FastLine Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\CenturyTel\fptool.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\CenturyTel FastLine Accelerator\pac-addwl.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4437/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    HAPPY BIRTHDAY!!!!!!!!!!!!


    Fix these with HJT – mark them, close IE, click fix checked

    O4 - Startup: PowerReg Scheduler.exe

    DL http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\nеtdde.exe
    C:\WINDOWS\ast_4_main.exe
    C:\Documents and Settings\Mommy\Local Settings\Temp\!update.exe
    C:\Documents and Settings\Mommy\Application Data\tizupd.bin

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\backups
    C:\Program Files\sder (Should have told you to delete this earlier)

    Now paste these folders in and make sure Deltree is checked before hitting the red x


    START – RUN – type in %temp% OK - Edit – Select all – File – Delete
    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


    Please give feedback on what worked/didn’t work and the current status of your system
     
  11. dannohahn

    dannohahn Thread Starter

    Joined:
    Nov 30, 2005
    Messages:
    18
    ok got that, when i went to delete those files a message came up that said "file did not exist" on all except the dees.exe and the hjt back up. the problem is still there. here's the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 5:55:34 PM, on 12/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\PROGRA~1\3DMouse\3DMouse.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\WINDOWS\System32\umonit.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\CenturyTel FastLine Accelerator\PropelAC.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\CenturyTel\fptool.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\CenturyTel\Connection Manager\TICM32.exe
    C:\Program Files\ewido\security suite\SecuritySuite.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dan the man\Desktop\Stuff\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.centurytel.net/"); (C:\Program Files\Netscape\Users\cny52823\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\CenturyTel FastLine Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\CenturyTel\fptool.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\CenturyTel FastLine Accelerator\pac-addwl.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\CenturyTel FastLine Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4437/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
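
    An added example, not part of the original thread and not HijackThis's own code: a small parser for the log format posted above that lists the entries a reviewer would normally verify by hand. The sample lines are copied from the log above; the rule set, reason strings and function names are assumptions chosen for illustration, and a flagged line means "check this", not "this is malicious".

```python
import re

# Lines copied from the HijackThis log in the post above (not constructed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF70C818-1F27-40B2-AF3C-DA8094E2EA5B}: NameServer = 207.230.202.28 207.230.192.251
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# A log entry is a section code (R1, F2, O4, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# (reason, predicate) pairs; these rules are illustrative assumptions, not a HijackThis feature.
RULES = [
    ("proxy server configured",
     lambda sec, body: sec.startswith("R") and "ProxyServer = " in body),
    ("registered target not on disk",
     lambda sec, body: "(file missing)" in body or "(no file)" in body),
    ("static DNS servers set",
     lambda sec, body: sec == "O17" and "NameServer = " in body),
    ("service with unknown owner",
     lambda sec, body: sec == "O23" and "Unknown owner" in body),
]

def parse(log_text):
    """Yield (section, body) for every line shaped like 'O4 - ...'."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log_text):
    """Return (section, reason, body) for each entry that matches a rule."""
    findings = []
    for section, body in parse(log_text):
        for reason, applies in RULES:
            if applies(section, body):
                findings.append((section, reason, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<30} {body}")
```

    Header lines and the "Running processes" paths do not match the entry pattern, so a whole pasted log can be passed to `triage()` unchanged.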
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Log looks good - how are things??
     
  13. dannohahn

    dannohahn Thread Starter

    Joined:
    Nov 30, 2005
    Messages:
    18
    everything is working fine thanks a bunch
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014