Potentially unwanted programs listed on Mcafee virus scan

i think u should delete it. However that might not get ride of the problem, use spybot search and destry. u can get ut from here:

http://download.com.com/3120-20-0.html?qt=spybot&tg=dl-2001

We need you to download and install an analysis and repair tool called Hijackthis.

Go here and download the file: http://tomcoyote.com/hjt

Please unzip Hijackthis.zip into a new folder you create in the root level of the C: drive. Name this folder C:\HJT for best and safest results. (don't put in a temp folder, or the desktop, etc...as it needs a safe folder to keep backup logs). Also when people post here and place it on the Desktop the log usually shows their full name since their Windows user profile is commonly named with their full name. We try not to disturb your privacy. *;-)

See this link for graphical instruction: http://russelltexas.com/spywareinfo/createhjtfolder.htm


Run Hijackthis, click on the 'scan' button and then 'save log' button. Copy and paste the contents of the text file you save into a reply to this message. A lot of posters make mistakes here in copying and pasting so reread the left info sidebar called Copy and Paste at http://www.tomcoyote.com/hjt

Do not fix anything in HJT log screen without assistance. Many items are normal for Windows operation. It should identify the vast majority of your problems and enable us to help you clean them off your system.


Stay in this thread for continuity. Reply to this message.


HTH (Hope that Helps)

Texruss

Hey Tex, sorry I took so long to reply..

Here's my HJLogfile of HijackThis v1.97.7
Scan saved at 6:32:20 PM, on 5/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\HOLEBA~1\Typeonce.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Zoom\Modem Status\ZoomCableModemStatus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program Files\SurfAssistant.com\saiemod.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {D220B4CB-F588-5D32-EA09-88E3FF14C843} - C:\PROGRA~1\MORECA~1\Cash pop.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\msoq\msiesh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: deadatomhold - {828C91B9-3C9F-C8B6-C32F-04ABF44BE4B0} - C:\PROGRA~1\MORECA~1\Cash pop.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [great 4] C:\PROGRA~1\HOLEBA~1\Typeonce.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Zoom Cable Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.c

I was HJK'd yesterday, and I did a hjt scan and in a blind fury I deleted C:\submithook.dll and I know 4 sure I deleted the one I still have on there that I see-C:\WINDOWS\MSOQ\MSIESH.DLL-which is probably in a hidden folder right?

Message Edited by Cyklopz88 on 05-06-2004 09:18 PM

You have a lot of issues..but then so do I as I am moving the next five days (slowly, but methodically) to a new house and new internet service. I have emailed Chris to see if he can take a look in a few hours.

Texruss

Ok! Thanks, I'l keep checking this thread periodically.

It's OK...I'm at work for a special meeting and I saw the first step you need to take:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr

Don't delete that in HJT...it's a CWS infection and we need to use the tool.

You have a CoolWebsearch infection.

Get CW Shredder to repair your CoolWebSearch infestations:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip version 1.57.0

Follow the directions for running the program at the next link.

http://www.bleepingcomputer.com/forums/index.php?showtutorial=47

At bleepingcomputer.com start reading at the section that says:

You can download this program here: CWShredder

(Note...we have noticed recently some CWS variants are harder to remove unless the shredder is run in Safe Mode...hit F8 while booting to enter Safe Mode and run the shredder.)

After cleaning with the shredder in Safe Mode (tell it to FIX items!)  do this:

Download and run these two programs (Spybot S&D and Adaware). Use Spybot first. (1.3 version)
http://www.majorgeeks.com/download2471.html

Follow the directions completely at:

http://www.cjwd.demon.co.uk/spybot-adaware.html

Reboot if asked by either program and let it complete any cleanup. Then reboot a final time after running both and run Windows Disk Cleanup: Start/Run/ type: cleanmgr

I check all the categories to be deleted here and remove the files.

Then reboot and make a new C:\HJT folder. Your present folder is a bad place to run Hijackthis as backup logs will be in a precarious location for safety. Follow my directions here for relocating your Hijackthis file:

http://russelltexas.com/spywareinfo/createhjtfolder.htm

Failure to have a safe folder may lead to system failure if you
or I make a mistake on a HJT deletion.

In new folder C:\HJT run hijackthis and scan.  Place a check by these line items if they still exist:

C:\PROGRA~1\HOLEBA~1\Typeonce.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html

OK...with all items above checked except for Weatherbug and NO OTHER windows open except for Hijackthis, click on 'Fix checked' button.

Reboot to SAFE mode
How to start the computer in Safe mode

Show hidden files.

Show hidden files and folders

Open Windows Explorer: type the word explorer at Start/Run box and click OK:

Drill on down and delete the following files and/or folders:

C:\Program Files\HOLEBA~1\Typeonce.exe   (folder will be longer named...delete entire folder and subcontents)
C:\Program Files\More Cash   folder

C:\WINDOWS\msoq\msiesh.dll    delete msoq folder and all subcontents

C:\WINDOWS\image.dll   file

Reboot in Normal Mode and run Disk Cleaner again.

Browse a bit and post a new Hijackthis log for followup.

After the final all clear is given by us you should flush your Restore Points for XP. That means disabling the Restore Point, rebooting to flush it, then re-enabling a new Restore Point. The reason why we need to do this is to purge the bad files hidden in System restore which can't be cleaned by your antivirus programs.

HTH,

Texruss

Ok- I will run your instructions as soon as I get home from work @ around 6:15 AZ time. I did install adaware and ran a scan and deleted last night, do I do it again?

Message Edited by Cyklopz88 on 05-07-2004 01:21 PM

Message Edited by Cyklopz88 on 05-07-2004 01:26 PM

Message Edited by Cyklopz88 on 05-08-2004 11:36 AM

Message Edited by Cyklopz88 on 05-08-2004 12:10 PM

Message Edited by Cyklopz88 on 05-08-2004 12:10 PM

Message Edited by Cyklopz88 on 05-08-2004 12:13 PM

Message Edited by Cyklopz88 on 05-09-2004 12:38 AM

You do seem to have done it right. Although the line for the 'typeonce.exe' is still in your log, it is not running so this fix below should make you clean.
=======================
Check these in hijackthis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.

O4 - HKLM\..\Run: [great 4] C:\PROGRA~1\HOLEBA~1\Typeonce.exe

Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-
NOTE: To avoid the risk of any of the above not being found due to them having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
How to Show Hidden/System Files : http://www.xtra.co.nz/help/0,,4155-1916458,00.html

The folder > C:\PROGRA~1\HOLEBA~1\Typeonce.exe
(If still there)

Then Reboot and post a fresh log for me to check.

I am seeing files named "backup-20040507-212156-289

20040507-212156-324 and about 8 more series like those up to -539 in my C: drive-Should I be concerned about those?

Message Edited by Cyklopz88 on 05-08-2004 05:50 PM

Message Edited by Cyklopz88 on 05-08-2004 05:51 PM

Logfile of HijackThis v1.97.7
Scan saved at 3:34:35 PM, on 5/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Documents and Settings\\My Documents\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Zoom\Modem Status\ZoomCableModemStatus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program Files\SurfAssistant.com\saiemod.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\\My Documents\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Zoom Cable Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Message Edited by Cyklopz88 on 05-09-2004 12:40 AM

Well, no problem...those are HJT backup files...you didn't make a folder in the C: drive...just dumped hijackthis.exe file in the root level. *;-) Save them for a week at least...then if everything is OK delete them.

See here again for making a proper HJT folder:

Please unzip Hijackthis.zip into a new folder you create in the root level of the C: drive. Name this folder C:\HJT for best and safest results. (don't put in a temp folder, or the desktop, etc...as it needs a safe folder to keep backup logs). Also when people post here and place it on the Desktop the log usually shows their full name since their Windows user profile is commonly named with their full name. We try not to disturb your privacy. *;-)

See this link for graphical instruction: http://russelltexas.com/spywareinfo/createhjtfolder.htm

BTW...you are doing a great job on deleting the nasties! That was a motley crew!

Sorry I have been unable to pick up the thread as I am moving 45 miles to a house in Abilene and I'm slightly out of action for most of the daytime until next Thursday. Should be back in business soon and better than ever...(cable modem service and it rips bigtime). *;-) Chris has picked up the slack and I appreciate his advice as always as he is the main man here at DellTalk (Go Rubber Duckie) !

Texruss

Hey Tex and Chris,

I appreciate the dedication and commitment that's been applied to my PC prob's amidst your schedules and am willing to volunteer any services that I can to help ease the burden (cleaning up the boards or something-after the proper training, of course) and give back to the community.

I'm pretty much avail anytime after 6:30 Mon.-Fri. and whenever on Sat & Sun.MT My E-mail is vitroscell@hotmail.com if you need to email me. I also will create that new folder.

Good luck with the move Tex, & thanks for helping this Yank Chris!

Message Edited by Cyklopz88 on 05-09-2004 12:15 AM

Message Edited by Cyklopz88 on 05-09-2004 12:42 AM