Solved: Hijack this log, need expert

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
If someone could advise me on what to remove, much appreciated. I ran AdAware before I made the log. I'm trying to help a friend out.
WinXP SP2 Pro.
I'll check back in an hour or so.

Logfile of HijackThis v1.99.1
Scan saved at 2:56:31 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1.EXE /partner BI1
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135213478865
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D05F33E0-3F75-11D3-A176-006008944486} (Audible Words Codec) - http://download.audible.com/AM36/awrdscdc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C62FDCC4-54C1-489C-AE02-CE4BC4ECB5D5}: NameServer = 24.140.1.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
Don't assume that you're going to get such a quick response all the time. These forums are very busy and are manned by volunteers who help others on their own time. You're just fortunate that I happened to spot your thread when I did.

-------------------------------------------------------------------------------------

I'm not an "expert" with these logs, so you'll likely hear from others who are.

-------------------------------------------------------------------------------------

There are some programs running in the background that don't need to be. The smaller the startup list is kept, the better a computer will usually run.

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from

ATIPTA (atiptaxx.exe)

DVDLauncher (DVDLauncher.exe)

MsnMsgr (MsnMsgr.exe)
(Note: You also need to go into the options/preference settings of MSN Messenger and disable the command that tells it to load when Windows starts)

ViewMgr (ViewMgr.exe)

Click Apply - OK afterwards, then reboot when prompted to. When the SCU window appears during reboot, place a checkmark in it, then click OK.

--------------------------------------------------------------------------------------

Go into the Add/Remove Programs list in the Control Panel, then uninstall Viewpoint. After that's done, go into the C:\Program Files folder, then delete the entire Viewpoint folder.

--------------------------------------------------------------------------------------
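
Added example (not part of the thread and not written by either poster): a small Python parser for the HijackThis log format posted above. It lists the O4 autostart entries, which are the ones that show up under the MSCONFIG "Startup" tab, and picks out entries that HijackThis marked "(file missing)" or "(no file)". The sample lines are copied from the log in the first post; the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Every entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable path: either quoted, or unquoted up to the first .exe/.com/.bat/.cmd
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd))(?=\s|$))', re.I)
MISSING_MARKERS = ("(file missing)", "(no file)")

def parse_entries(log_text):
    """Return (code, body) for every line shaped like a HijackThis entry."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group("code"), m.group("body")) for m in matches if m]

def image_name(command):
    """Lower-cased file name of the program a startup command launches."""
    m = IMAGE_RE.match(command.strip())
    path = (m.group(1) or m.group(2)) if m else command.strip()
    return path.rsplit("\\", 1)[-1].lower()

def autostart_entries(log_text):
    """O4 entries: registry Run keys and Startup-folder shortcuts."""
    found = []
    for code, body in parse_entries(log_text):
        if code != "O4":
            continue
        run, start = RUN_RE.match(body), STARTUP_RE.match(body)
        if run:
            source, m = run.group("hive") + "\\" + run.group("key"), run
        elif start:
            source, m = start.group("scope"), start
        else:
            continue
        found.append({"source": source, "name": m.group("name"),
                      "image": image_name(m.group("cmd"))})
    return found

def orphaned_entries(log_text):
    """Entries whose target file HijackThis could not find on disk."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith(MISSING_MARKERS)]

if __name__ == "__main__":
    for e in autostart_entries(SAMPLE_LOG):
        print(f"{e['source']:<16} {e['name']:<28} {e['image']}")
    for code, body in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", code, body)
```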
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
Thanks, I realize that you won't always get a response right away, please don't take me the wrong way. I do appreciate your response. When I got back my friend said it won't even boot up. I think she's been messing around with it to the point it won't work at all. Now I have to get it to boot first, thinking of just reformatting. I'm sorry but just disregard this log.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
A format and fresh install of XP might be a good idea if things are really messed up in that computer.

Do you have a regular XP CD? Is it a full version CD or an upgrade version CD? I'm asking for a reason.

--------------------------------------------------------------------------------------
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
Hi, sorry it took so long to reply. We got it to boot up, however a lot of times there are a couple programs that say ending now when I restart or shut down. One is called Session controller dlbx and another is called MCI Command Handling Window, not responding. She says they have been appearing for a few weeks. It's a Dell laptop, a 600m, and I had to use the Dell restore utility about 3 or 4 months ago and it was fine until now. (I think she messes with things she shouldn't be messing with). I don't know if she's deleted important files or what. The only thing I could find about dlbx on the internet was about dlbx.exe which has something to do with her Dell 962 printer software. I don't think it is the same as the session controller dlbx, I could be wrong though. I have scanned for viruses and adware. She said other errors have popped up but she didn't write them down like I asked. The thing is screwy. If you or anyone has any thoughts, I'm all ears. Oh yeah, she has the full install CD. Thanks for your patience.
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
I know I marked this thread solved, I didn't know what else to do at the time, should I start a new thread?
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
Stay with this thread and DON'T start a new one.

-------------------------------------------------------------------------------------

Go back into the "Startup" tab like I previously asked you to do. It appears that you haven't unchecked any of the entries that I previously asked you to do. Remove the checkmark from those entries and from these additional entries:

dlbxmon.exe (dlbxmon.exe)
(This entry is associated with the DELL printer and is the cause of one of your error messages)

Dell Quickset (quickset.exe)

Dell Support (DSAgnt.exe)

Click Apply - OK afterwards, then reboot when prompted to. When the SCU window appears during reboot, ignore the message. Just place a checkmark in it, then click OK.

Run another scan with HijackThis, then post that new log here.

--------------------------------------------------------------------------------------

You're fighting a losing battle when you continually help someone who keeps messing up their computer. They tend to develop the mindset, "If I mess up my computer, he/she will help me again and fix it". I've quit helping certain people over the years because of this mindset and because it was a big waste of my time, especially since I wasn't getting paid to do it.

-------------------------------------------------------------------------------------
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
Thanks flavallee,

I'll uncheck everything you asked and see how it goes. I agree 100% with you. This is the last time I help, especially if I have to reformat.
I had to help once before using that restore utility, that takes about as long as a reformat. At least she has all the install CDs she needs. What a job. I'll get back here sometime and let you know how it's working. With Christmas and everything it could be 2, 3 or 4 days. Happy holidays to you and everyone else.

Thanks. :)
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
I'm assuming what she has are recovery/restore CDs and not an actual Windows CD. If that's the case and it comes down to using the recovery/restore CDs, make sure to disconnect all peripherals (i.e. printer, scanner, etc.) before you start. The only components that should be connected are the tower, monitor, keyboard, mouse, and speakers. If the recovery/restore process goes okay, it'll revert that computer back to just like it was when it was first brought home and set up.

-------------------------------------------------------------------------------------
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
I know what you mean, she has the actual Windows CD and all the other CDs for other apps, and I'll disconnect all unneeded peripherals. I do appreciate your time and thoughts. Thanks.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
The BIOS boot order will need to be changed to where the CDROM drive is listed first so that the computer can boot from the XP CD after it's turned on. When the prompt, "Press any key to boot from CD", appears, press a key quickly before the prompt disappears, or else you'll need to reboot and start over.

The current C: partition will need to be deleted.

A new C: partition will need to be created.

The new C: partition will need to be formatted with the NTFS file system.

Just follow the directions and press the correct key as each screen appears and you won't have any trouble following these steps. After the hard drive is formatted, the Windows install process will start. Make sure to have the 25-digit product code handy to enter when asked for it. After the install process is complete, you may need to re-activate Windows with Microsoft.

Warning! The "Press any key to boot from CD" prompt will appear every time the computer reboots during the install process. Other than the very first time you do it, do NOT press any key when it subsequently appears, or else the install process will start all over again. Keep your hands away from the keyboard, and the prompt will disappear within a few seconds.

Depending on the speed of the computer and the size of the hard drive, the entire process will take 1-1/2 to 2 hours.

------------------------------------------------------------------------------------
 

rebif

Thread Starter
Joined
Mar 21, 2005
Messages
61
Thanks so much for the info, I've already gone through that process before with my PC, so I pretty much know what to do, I printed info out on how to do this. I found out how to change the boot order on her laptop. Now she tells me she opened an email which contained a possible virus from the Myway email, even though they have a warning posted right there on the sign-in page. I'm currently on their forum trying to find out just exactly what virus they are referring to. So it looks like I may just do this reformat but with the holidays I won't get a chance to until early next week.

I'll keep checking back here once in a while. As soon as I find out what virus she may be dealing with, I'll post back here.

Thanks flavallee.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
You're welcome, and good luck.

-------------------------------------------------------------------------------------
 