Reboot your computer, and try using different programs and make sure everything is running ok. If you're still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.
Download, install and run Cleanup! from Steven Gould, then:
1. Click "Cleanup!" (wait for the program to finish scanning your system, and selecting files to be removed.)
2. Exit the program and reboot the computer, if necessary.
-
For more information about using Cleanup! see here.
If everything is running ok, let's do the final cleanup...
1. Run "Disk Cleanup" and allow it to remove everything it finds.
2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.
3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". When it's downloaded, select all available drives, then check (tick) "Auto clean", then click "Scan".
4. Run AdAware SE Personal and "perform a full system scan", then Spybot S&D, and "Check for Problems". Let them both remove the residual 'problems' left that HiJackThis couldn't fix.
ok, I ran the adaware, spybot and the free scan from trendmicro, all three found a couple things. Deleted/cleaned everything, did the disable and re-enable system restore and then created a new system point and everything seems to be working like it used to. My McAfee keeps popping up telling me that it detected a trojan and cleans it about every 2-3 minutes, but everything seems back to normal. I can't thank you again for all your help! Bless you.
oops! must have deleted something I shouldn't have while doing the cleanup. All my software is working except for one. I have a software program called Pampered Partner because I am a Pampered Chef Consultant and I went to go into it and got the following message:
sub main error 399. component DWSBC36.ocx or one of its dependencies not correctly registered: a file is missing or invalid line:340
I assumed from the above message that I deleted a file that the program needed to run but wasn't worried because I just received my new spring software program to install. When I put the cd in I got this message:
C:Windows\system32\autoexec.nt The system file is not suitable for running ms-dos & microsoft windows applications. Choose close to terminate.
I thought maybe it was the disc they sent me but I tried a couple other program discs I had and when I tried to install them, I got the same message. How do I get this issue fixed?
Midnight Star
4.8K Posts
0
February 28th, 2005 00:00
Let's see what we can do...
Download, unzip to your desktop CWShredder and run it, then:
1. Click "Check For Update"
(If an update isn't available, skip to step #4.)
2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"
Go to Add/Remove programs and remove(uninstall) the following, if present:
Delfin Media Viewer
Begin2Search
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u q99l0b7u.dll
regsvr32 /u rsyncmon.dll
regsvr32 /u AUNBHO.dll
regsvr32 /u ic2_win.dll
regsvr32 /u LinkBHO.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://216.130.185.122/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.130.185.122/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.130.185.122/sidesearch.html
O2 - BHO: (no name) - {0110C5B1-2B50-47B8-9A55-427961A6FDAF} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {0A47CA76-591F-495C-B20C-FA243848BB2E} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {12F701BD-ECC0-4100-B591-6D221ED8F7B2} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {162BB248-2E4C-4B40-97FF-EC0D51BA266C} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {1EEAAF29-0B50-470D-9DF9-FF0C8D330670} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {226F3C6B-058D-4B04-9B6A-DA817555491D} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {23EB1D24-2164-4A4F-9F5C-60255B73F474} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {29083DF5-3F47-4A06-9BD7-CFEAF539EFFC} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {2F086655-E1AD-4A91-8EC3-DCE336FBD1CC} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {3D6E37FC-5583-42DD-9492-488A8C6F4923} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {41555F0A-1B30-40F3-ADDD-B14B593D890D} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {4808616A-49B0-4F86-BA62-49D7BF7048BB} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {5026DEAF-B5C0-4502-B066-158FA965ABA3} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: (no name) - {671DE15D-25C7-466E-9F03-82514EB3239B} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {73FC17CC-0739-45F0-90FC-6DC496B920C8} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {7BE059B3-8D24-4FBA-AB86-0883E8142A46} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {8A34CECE-3013-41E9-866B-0E21743209F8} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {8ED518DF-9BDD-49F7-9A07-4B75DA6D4FC7} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: ohb Class - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\System32\ic2_win.dll
O2 - BHO: (no name) - {9B1DC02E-E021-42E0-AE48-EEFB24E297FF} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {A092DE95-DC64-46DD-9083-A1F5D0B08CBD} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {B2242B93-EC9F-464E-B158-27D209B3EBEF} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {B489056B-8765-4CB2-9A2D-5B09E412931F} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {BB757D99-162E-4EBB-AE43-B2A24D276943} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {BDB4C20A-238C-446C-833E-19EC585C3CB1} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {C2B21E0A-88E0-43C1-9544-FA235993DBAF} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll
O2 - BHO: (no name) - {D0D2B748-C458-44D0-959A-879F4CCD4383} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {D31C76B3-3920-450D-B3A1-F3C3448458C5} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {FE0DD030-4EDB-43D8-AEFF-5DCEC6E8F769} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O2 - BHO: (no name) - {FEFC7466-386F-4281-99D9-7587B8C29A1C} - C:\Program Files\q99l0b7u\q99l0b7u.dll
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\System32\ic2_win.dll
O4 - HKLM\..\Run: [nkvdubvm] c:\windows\system32\nkvdubvm.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [jdepbc] C:\WINDOWS\System32\jdepbc.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [dwdywc] C:\WINDOWS\System32\dwdywc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [sssasasb32] C:\WINDOWS\sssasasb32.exe
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [C:\WINDOWS\omakymc.exe] C:\WINDOWS\omakymc.exe
O4 - HKLM\..\Run: [q99l0b7u] C:\Program Files\q99l0b7u\q99l0b7u.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Debbie\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [I02tRVjpe] odplsp.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [oqoi] C:\PROGRA~1\COMMON~1\oqoi\oqoim.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
folders...
C:\Program Files\q99l0b7u
C:\WINDOWS\System32\wsxsvc
C:\WINDOWS\System32\vmss
C:\Program Files\sf
C:\PROGRA~1\COMMON~1\oqoi
files...
C:\WINDOWS\System32\rsyncmon.dll
C:\WINDOWS\System32\AUNBHO.dll
C:\WINDOWS\System32\ic2_win.dll
C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll
c:\windows\system32\nkvdubvm.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\jdepbc.exe
C:\WINDOWS\System32\dwdywc.exe
C:\windows\system32\msnavc32.exe
C:\windows\system32\elitedme32.exe
C:\WINDOWS\sssasasb32.exe
C:\WINDOWS\winagent.exe
C:\WINDOWS\omakymc.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\logon.exe
C:\WINDOWS\farmmext.exe
c:\windows\system32\abcdefgh.exe
C:\WINDOWS\System32\olebject.exe
C:\DOCUME~1\Debbie\LOCALS~1\Temp\se.dll
C:\WINDOWS\sfita.exe
Search for...
E6F1873B.DLL
odplsp.exe
...using "Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Post back a new log, and let me know how everything goes.
-
Mike
Message Edited by Midnight Star on 02-27-2005 08:51 PM
DHAVENS
25 Posts
0
March 2nd, 2005 00:00
Thank you Mike for responding to my cry for help! You are such a terrific person, you and everyone here who helps out with things like this. I did what you said and here is my latest HJT log. It seems like my PC is back to normal but it is making a loud whirling sound that it didn't do before. Also, should I run Disk cleanup and defrag now? Thanks again :-)
Logfile of HijackThis v1.99.1
Scan saved at 9:19:38 PM, on 3/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\hijackthis\HijackThis.exe
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Debbie\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108999446264
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
DHAVENS
25 Posts
0
March 2nd, 2005 00:00
Spoke too soon, I rebooted and I still have pop-ups, ran Ad-Aware and deleted 118 items but when I reboot, they come back. Here is a fresh log straight from a fresh reboot:
Logfile of HijackThis v1.99.1
Scan saved at 9:54:44 PM, on 3/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\System32\gah95on6.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system\ockgcgog.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\bidispl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\hijackthis\HijackThis.exe
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108999446264
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Midnight Star
4.8K Posts
0
March 2nd, 2005 02:00
Before you begin, be sure to read this entire solution. There are a few item(s) here that I'm not familiar with, and if it's something you're familiar with, then omit it from the fix.
-
Let's continue on with the fix...
Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from this system. To do this, let's:
1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:
*ockgcgog*
2) Then if any are found in the 'prefetch' folder, delete them.
Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.
Run HiJackThis then:
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\system\ockgcgog.exe
C:\WINDOWS\System32\bidispl.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\system\ockgcgog.exe
C:\WINDOWS\System32\bidispl.exe
c:\windows\system32\abcdefgh.exe
C:\WINDOWS\System32\olebject.exe
C:\windows\system32\elitedme32.exe
Search for...
olebject.exe
...using "Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Post back a new log, and let me know how everything goes.
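An added example, not part of the original posts: the second fix list repeats Run entries that were already on the first one, and the Begin2Search toolbar CLSID is now listed with "(no file)". This Python script compares a fix list against a follow-up HijackThis log to surface exactly that; the function names are hypothetical, and the sample lines are excerpts copied from the lists and logs in this thread.

```python
import re
from dataclasses import dataclass

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# O2 - BHO: name - {CLSID} - path   /   O3 - Toolbar: name - {CLSID} - path
CLSID_RE = re.compile(r"^(O2|O3) - [^:]+: .*?(\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Excerpt of the first fix list posted in this thread.
FIRST_FIX_EXCERPT = r"""
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\System32\ic2_win.dll
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
"""

# Excerpt of the follow-up log saved at 9:54:44 PM, on 3/1/2005.
FOLLOWUP_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\gah95on6.exe
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str   # HijackThis section code: O2, O3 or O4
    ident: str     # CLSID (O2/O3) or hive\key\value name (O4)
    target: str    # file or command line the entry points at
    orphan: bool   # True when HijackThis reports the target file as gone


def parse_entries(text):
    """Index O2/O3/O4 lines by a stable identity; other lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, target = m.groups()
            section = "O4"
            # Registry value names are case-insensitive, so fold case.
            ident = f"{hive}\\{key}\\{name}".lower()
        else:
            m = CLSID_RE.match(line)
            if not m:
                continue
            section, clsid, target = m.groups()
            # Match on the CLSID: the display name can change between
            # scans (here "Begin2Search.com Bar" becomes "(no name)").
            ident = clsid.upper()
        orphan = target.endswith(("(no file)", "(file missing)"))
        entries[(section, ident)] = Entry(section, ident, target, orphan)
    return entries


def survivors(fix_list, later_log):
    """Entries that were on the fix list and still appear in the later log."""
    flagged = parse_entries(fix_list)
    later = parse_entries(later_log)
    return [later[k] for k in sorted(flagged.keys() & later.keys())]


def describe(entry):
    state = "registry leftover, file gone" if entry.orphan else "still active"
    return f"{entry.section} {entry.ident} -> {entry.target} ({state})"


if __name__ == "__main__":
    for e in survivors(FIRST_FIX_EXCERPT, FOLLOWUP_EXCERPT):
        print(describe(e))
```

An entry reported as a leftover only needs its registry reference fixed; one that is still active means the file or whatever rewrites the Run value was not removed.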
Midnight Star
4.8K Posts
0
March 2nd, 2005 02:00
Before you begin, be sure to read this entire solution. There are a few item(s) here that i'm not familar with, and if it's something your familar with, then omit it from the fix.
-
Let's continue on with the fix...
Let's look for, and delete, any program segments( prefetches) that might be present, and are associated with the ' problems' we're trying to remove from this system. To do this, let's:
1) Click " Start | Search", then search for each of these program's base name(s), in all files and folders:
*ockgcgog*
2) Then if any are found in the ' prefetch' folder, delete them.
Look closely, since the ' base' name will have a bunch of random numbers and letters attached to it.
Run HiJackThis then:
1. Click " Config..."
2. Click " Misc Tools"
3. Click " Open Process manager"
-
Next, while holding down the CTRL key, locate ( if present) and click on ( highlight) each of the following:
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\system\ockgcgog.exe
C:\WINDOWS\System32\bidispl.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
O3 - Toolbar: (no name) - {207AEF46-0596-4966-A7BF-098F247E85BB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [AutoLoader3w2N1LSjZZLc] "C:\WINDOWS\System32\olebject.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedme32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\system\ockgcgog.exe
C:\WINDOWS\System32\bidispl.exe
c:\windows\system32\abcdefgh.exe
C:\WINDOWS\System32\olebject.exe
C:\windows\system32\elitedme32.exe
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Post back a new log, and let me know how everything goes.
DHAVENS
25 Posts
0
March 2nd, 2005 23:00
ok, I think we're clean now. At least I rebooted five minutes ago and have not had anything strange happen like freeze ups or pop ups. Here is my latest HJT log for your review. Thanks again for your help!
Logfile of HijackThis v1.99.1
Scan saved at 8:20:13 PM, on 3/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108999446264
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
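As an added illustration (not part of the thread and not HijackThis's own code), this Python sketch does the comparison a helper makes by eye on a follow-up log: it parses the "Running processes" paths and O4 Run entries and reports any that still point at the files on the removal list above. The function names are hypothetical, and the BEFORE and AFTER samples are constructed excerpts built from lines quoted in the thread.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# File names from the thread's "locate and delete" list.
FLAGGED = {"gah95on6.exe", "ockgcgog.exe", "bidispl.exe",
           "abcdefgh.exe", "olebject.exe", "elitedme32.exe"}

# O4 autostart line: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Executable part of the command: quoted path, unquoted path up to .exe, or first token.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b|^(\S+)', re.IGNORECASE)
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")  # a "Running processes" path line

def parse_o4(line):
    """Return (hive, key, value_name, exe_path) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = next(g for g in EXE_RE.match(command.strip()).groups() if g)
    return hive, key, name, exe

def remaining_flagged(log_text):
    """List (kind, detail) for every flagged process or Run entry in a log."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_o4(line)
        if entry and basename(entry[3]).lower() in FLAGGED:
            hits.append(("autostart", f"{entry[0]} [{entry[2]}]"))
        elif PROC_RE.match(line) and basename(line).lower() in FLAGGED:
            hits.append(("process", line))
    return hits

# Constructed excerpts assembled from lines quoted in this thread.
BEFORE = r"""C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [abcdefgh] c:\windows\system32\abcdefgh.exe /install
O4 - HKLM\..\Run: [33tj39P] olebject.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [bidispl] C:\WINDOWS\System32\bidispl.exe"""
AFTER = r"""C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, remaining_flagged(log) or "clean")
```

Matching is by file name only, so an empty result means the named entries are gone from the log, not that the machine is free of other autostart items.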
Midnight Star
4.8K Posts
0
March 4th, 2005 01:00
That log is looking good to me - great work!
Reboot your computer, and try using different programs and make sure everything is running ok. If you're still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.
Download, install and run Cleanup! from Steven Gould, then:
1. Click "Cleanup!"
(wait for the program to finish scanning your system, and selecting files to be removed.)
2. Exit the program and reboot the computer, if necessary.
-
For more information about using Cleanup! see here.
If everything is running ok, let's do the final cleanup...
1. Run "Disk Cleanup" and allow it to remove everything it finds.
2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.
3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". When it's downloaded, select all available drives, then check (tick) "Auto clean", then click "Scan".
4. Run AdAware SE Personal and "perform a full system scan", then Spybot S&D, and "Check for Problems". Let them both remove the residual 'problems' left that HiJackThis couldn't fix.
5. Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually.
If you're having any more problems, post back.
-
Happy surfing,
Mike.
DHAVENS
25 Posts
0
March 6th, 2005 22:00
ok, I ran the adaware, spybot and the free scan from trendmicro, all three found a couple things. Deleted/cleaned everything, did the disable and re-enable system restore and then created a new system point and everything seems to be working like it used to. My McAfee keeps popping up telling me that it detected a trojan and cleans it about every 2-3 minutes, but everything seems back to normal. I can't thank you again for all your help! Bless you.
Debbie
DHAVENS
25 Posts
0
March 6th, 2005 23:00
oops! must have deleted something I shouldn't have while doing the cleanup. All my software is working except for one. I have a software program called Pampered Partner because I am a Pampered Chef Consultant and I went to go into it and got the following message:
sub main error 399. component DWSBC36.ocx or one of its dependencies not correctly registered: a file is missing or invalid line:340
I assumed from the above message that I deleted a file that the program needed to run but wasn't worried because I just received my new spring software program to install. When I put the cd in I got this message:
C:Windows\system32\autoexec.nt The system file is not suitable for running ms-dos & microsoft windows applications. Choose close to terminate.
I thought maybe it was the disc they sent me but I tried a couple other program discs I had and when I tried to install them, I got the same message. How do I get this issue fixed?
Midnight Star
4.8K Posts
0
March 6th, 2005 23:00
See if this helps you:
http://kb.bighammer.com/article.aspx?id=10003
(or)
This article from Microsoft:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324767
Let me know if you're still having problems.
-
Mike.
DHAVENS
25 Posts
0
March 12th, 2005 17:00
Thanks Mike! It worked, I think I am all back to normal, you're great! :-)
Debbie
Midnight Star
4.8K Posts
0
March 13th, 2005 18:00
That's good news indeed ... :) - Just let us know if there's anything else we can do to help.
-
Mike.