1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Tired of fighting the battles

Discussion in 'Virus & Other Malware Removal' started by slmerrill, Apr 5, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. slmerrill

    slmerrill Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    13
    My system has problems - locks frequently, lots of pop-ups, etc

    Please see the Hijack This log below and let me know how to proceed.

    Thanks


    Logfile of HijackThis v1.97.2
    Scan saved at 3:49:43 PM, on 4/5/04
    Platform: Windows 95 B (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\CPQDMI.EXE
    C:\WINDOWS\CPQALERT.EXE
    C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\DMI95\WIN32\BIN\WIN32SL.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
    C:\WINDOWS\SYSTEM\COMSMD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\LS.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\PROGRAM FILES\ANALOGX\POW\POW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    M:\MAS90\LAUNCHER\LAUNCH32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\TECH SUPPORT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://209.120.179.64/search.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {58359010-BF36-11D3-99A2-0050DA2EE1BE} - (no file)
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\BENCEED.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
    O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V1\SCBAR.EXE" /U
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [QuickZip] C:\WINDOWS\SYSTEM\LS.EXE
    O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
    O4 - HKLM\..\RunServices: [CPQALERT] CPQAlert.exe
    O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Outlook.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IoWatch.Exe
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\ImgStart.Exe
    O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\ImgIcon.Exe
    O4 - Startup: pow.exe.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: xxx (HKLM)
    O9 - Extra button: Y! Help (HKCU)
    O12 - Plugin for .fpx: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
    O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\PLUGINS\npsmlvdo.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .EXE: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.msnbc.com/download/nm0713.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {BCDC74F2-0322-11D3-B3D6-0008C7B96284} (GenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/cccabs/CleverContent.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {73A79B04-B94C-11D3-800E-00C04F3655E3} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.132.192.13/EMI404/download/Uncensored_Sex.exe
    O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.cookiecentral.com/activex/ikcntrls.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {36B455F4-5E76-11D4-8052-00C04F0DBD7B} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://a32.g.akamai.net/7/32/1828/108b4256c2b548/europe-download1.cult3d.com/cult.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.road.com/oralmasp/download/mgaxctrl.cab
    O16 - DPF: {67268BDF-9F6A-4AE6-AD53-7C959336F6AD} (Dlgsw Class) - http://207.38.64.32/datalifeguard/datalifeguardpdf.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {85F2A370-83E6-11D2-915B-00A024D651E7} - http://download.mcafee.com/molbin/Clinic/VirusScan/MgAvDat.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.htmlcompendium.org/wfplayer/tdserver.cab
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://adeskftp.autodesk.com/webpub/whip/english/whip.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.197.197.243/activex/AxisCamControl.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {152CDB33-3503-4FC4-95E3-13A7A92D542C} (GenBatchPrint.ctlGenLabelPrint) - http://www.shellsource.com/Include/PrintControl/GenBatchPrint.CAB
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kirkland
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 198.60.253.132,204.134.214.10
     
    slmerrill, Apr 5, 2004
    #1
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,458
    Please update Hijack This to the latest version which is v1.97.7 and then repost another log. There is definitely viral stuff in your first log but it would be best to post one with the latest version for the experts.

    Cookie
     
    Cookiegal, Apr 5, 2004
    #2
  3. slmerrill

    slmerrill Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    13
    Thanks, Cookiegal

    Here's the updated version:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:07:53 AM, on 4/6/04
    Platform: Windows 95 B (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\CPQDMI.EXE
    C:\WINDOWS\CPQALERT.EXE
    C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\DMI95\WIN32\BIN\WIN32SL.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
    C:\WINDOWS\SYSTEM\COMSMD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\LS.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\PROGRAM FILES\ANALOGX\POW\POW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    M:\MAS90\LAUNCHER\LAUNCH32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://209.120.179.64/search.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {58359010-BF36-11D3-99A2-0050DA2EE1BE} - (no file)
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\BENCEED.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
    O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V1\SCBAR.EXE" /U
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\MCAFEE.COM\SHARED\MCAPPINS.EXE /v=3 /cleanup
    O4 - HKLM\..\Run: [QuickZip] C:\WINDOWS\SYSTEM\LS.EXE
    O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
    O4 - HKLM\..\RunServices: [CPQALERT] CPQAlert.exe
    O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Outlook.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IoWatch.Exe
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\ImgStart.Exe
    O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\ImgIcon.Exe
    O4 - Startup: pow.exe.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: xxx (HKLM)
    O9 - Extra button: Y! Help (HKCU)
    O12 - Plugin for .fpx: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
    O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\PLUGINS\npsmlvdo.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .EXE: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.msnbc.com/download/nm0713.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {BCDC74F2-0322-11D3-B3D6-0008C7B96284} (GenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/cccabs/CleverContent.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {73A79B04-B94C-11D3-800E-00C04F3655E3} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.132.192.13/EMI404/download/Uncensored_Sex.exe
    O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.cookiecentral.com/activex/ikcntrls.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {36B455F4-5E76-11D4-8052-00C04F0DBD7B} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://a32.g.akamai.net/7/32/1828/108b4256c2b548/europe-download1.cult3d.com/cult.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.road.com/oralmasp/download/mgaxctrl.cab
    O16 - DPF: {67268BDF-9F6A-4AE6-AD53-7C959336F6AD} (Dlgsw Class) - http://207.38.64.32/datalifeguard/datalifeguardpdf.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {85F2A370-83E6-11D2-915B-00A024D651E7} - http://download.mcafee.com/molbin/Clinic/VirusScan/MgAvDat.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.htmlcompendium.org/wfplayer/tdserver.cab
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://adeskftp.autodesk.com/webpub/whip/english/whip.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.197.197.243/activex/AxisCamControl.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {152CDB33-3503-4FC4-95E3-13A7A92D542C} (GenBatchPrint.ctlGenLabelPrint) - http://www.shellsource.com/Include/PrintControl/GenBatchPrint.CAB
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kirkland
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 198.60.253.132,204.134.214.10
     
    slmerrill, Apr 6, 2004
    #3
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download Spybot http://www.sherrylynn.us/privacypolicy.htm

    Make sure to follow the instructions for updates prior to running the scan.

    Click on "Search For updates" After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change and the program will come back and be ready to use.

    Sometimes the default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

    Scan, click on fix problems then reboot.

    Next:

    Download AdAware http://www.lavasoftusa.com/support/download/

    Before you scan with AdAware, check for updates of the reference file by clicking

    on "Check for updates now", connect.

    Click on Start, Use custom scanning options, Customize.

    Make sure the following settings are made and on -------"ON=GREEN"

    "Scan within archives"
    "Scan active processes"
    "Scan registry"
    "Deep scan registry"
    "Scan my IE Favorites for banned URL"
    "Scan my host-file"

    Click on Tweak,
    Select scanning engine and click on "Unload recognized processes during scanning"
    Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    Then click "proceed" to save your settings.

    Click on Next

    Run the scan and fix everything.

    Post another HJT log for review.
     
    cybertech, Apr 6, 2004
    #4
  5. slmerrill

    slmerrill Thread Starter

    Joined:
    Sep 1, 2003
    Messages:
    13
    OK, finally got everything scanned. Looked like there was lots to fix. Her's the latest HJT -

    Logfile of HijackThis v1.97.2
    Scan saved at 8:05:00 AM, on 4/8/04
    Platform: Windows 95 B (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\CPQDMI.EXE
    C:\WINDOWS\CPQALERT.EXE
    C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\DMI95\WIN32\BIN\WIN32SL.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
    C:\WINDOWS\SYSTEM\COMSMD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\PROGRAM FILES\ANALOGX\POW\POW.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    M:\MAS90\LAUNCHER\LAUNCH32.EXE
    M:\MAS90\HOME\PVXWIN32.EXE
    C:\TECH SUPPORT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://209.120.179.64/search.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
    O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [QuickZip] C:\WINDOWS\SYSTEM\LS.EXE
    O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
    O4 - HKLM\..\RunServices: [CPQALERT] CPQAlert.exe
    O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Outlook.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IoWatch.Exe
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\ImgStart.Exe
    O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\ImgIcon.Exe
    O4 - Startup: pow.exe.lnk = C:\Program Files\AnalogX\POW\pow.exe
    O9 - Extra button: xxx (HKLM)
    O9 - Extra button: Y! Help (HKCU)
    O12 - Plugin for .fpx: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
    O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\PLUGINS\npsmlvdo.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .EXE: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.msnbc.com/download/nm0713.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {BCDC74F2-0322-11D3-B3D6-0008C7B96284} (GenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/cccabs/CleverContent.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {73A79B04-B94C-11D3-800E-00C04F3655E3} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.cookiecentral.com/activex/ikcntrls.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {36B455F4-5E76-11D4-8052-00C04F0DBD7B} (vb6projectGenesisLabel.ctlGenesisLabel) - https://thegenesisnetwork.equilon.com/Genesis/Files/GenesisLabel.CAB
    O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://a32.g.akamai.net/7/32/1828/108b4256c2b548/europe-download1.cult3d.com/cult.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.road.com/oralmasp/download/mgaxctrl.cab
    O16 - DPF: {67268BDF-9F6A-4AE6-AD53-7C959336F6AD} (Dlgsw Class) - http://207.38.64.32/datalifeguard/datalifeguardpdf.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {85F2A370-83E6-11D2-915B-00A024D651E7} - http://download.mcafee.com/molbin/Clinic/VirusScan/MgAvDat.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.htmlcompendium.org/wfplayer/tdserver.cab
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://adeskftp.autodesk.com/webpub/whip/english/whip.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.197.197.243/activex/AxisCamControl.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {152CDB33-3503-4FC4-95E3-13A7A92D542C} (GenBatchPrint.ctlGenLabelPrint) - http://www.shellsource.com/Include/PrintControl/GenBatchPrint.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kirkland
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 198.60.253.132,204.134.214.10
     
    slmerrill, Apr 8, 2004
    #5
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and check:

    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)

    Close all applications and browser windows before you click "fix checked".

    Include these if they are not valid
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kirkland
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 198.60.253.132,204.134.214.10
     
    cybertech, Apr 8, 2004
    #6

  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217434

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice