September 18th, 2006 16:00

Need2Find bar

My computer is soooo sluggish. I had a lot of files and some software from school and thought maybe that was the problem. I cleaned out everything not in use for this semester. I went through the proper steps for removing programs, updating xp, updating software, scan disc, removing cookies, defrag, ran the antispyware programs, ran antivirus scan...all the regular maintenance. In this process I find "Need2Find bar". I tried to uninstall this as well but got the error message that the specified module could not be found (uninstaller not there?). I emailed Need2Find bar and was given a link to download more from their website to get the uninstaller. I didn't do this. I came to this forum and have followed your instructions for removing the malware. These are my results:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:07 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: River Belle Poker - {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - C:\Program Files\riverbelleMPP\MPPoker.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbellepoker.com/download_helper/Nyoko.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120152283359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149351107609
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {E08B32D6-E74A-4281-85FB-3B9E700E3199} (WebTrackOCXXC4.WebTrackOCXC4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCXC4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2C63A55-E541-4ADB-AC2B-1DE5CDECABA1}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks for any help.

7 Posts

September 18th, 2006 20:00

Hi,
you need to download http://www.pctools.com/registry-mechanic/?ref=mg_rm that prog and try to clean out the registry entry need2find. Probably located in HKEY_CURRENT_USER\Software\Microsoft\Windows

8.8K Posts

September 18th, 2006 21:00

Hold on....

Stop....first of all, Cham31 is not supposed to be in this forum.
Please ignore anything that is told to you by this person.

I will get someone to help you.

ZB1

Message Edited by zbestwun2001 on 09-18-2006 03:37 PM

September 18th, 2006 21:00

I downloaded the program.  To fix the need2find they want me to purchase this program. Is there a way to get rid of need2find without having to buy something else??
 
thanks

8.8K Posts

September 18th, 2006 22:00

I just don't want someone to have you do something to mess up the system more than it already is.


ZB1

September 18th, 2006 22:00

ok. i'm not doing anything!
will the real moderator of this forum please stand up???? lol

September 18th, 2006 23:00

Thanks for watching out for me, ZB1.  I'm new here, so I appreciate you taking time to make sure I don't do anything to get me into more trouble.  So, I need to watch for a response for someone with the credentials posted like you have on your posts?
Thanks, again!

8.8K Posts

September 19th, 2006 00:00

Yep!

Click on my link that says Qualified and you will see the list of people.


Steve

3.3K Posts

September 19th, 2006 01:00

Greetings magnoliablossom,

I'm studying your log. Please be patient while I try to determine how best to approach a fix for any issues you may have.
Thanks!

3.3K Posts

September 19th, 2006 01:00

Your Java application is out of date.
Please follow these steps to remove older version Java components

1. Close any open programs you may have running, especially your web browser.

2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.


3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete:
  • C:\Program Files\Java (this folder, if found)

5. Then go to this page.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right.

6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.


I can't tell you to remove the Poker software as being malicious, but many users have reported countless problems relating to the poker sites. I myself trust none of them and if it were my computer, they'd go.

I will help you remove the stray Registry entry and the reference to the Need2find right click menu search option.
Please run HijackThis again and check the following:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA


Now close all windows except for the HijackThis window, then click Fix Checked.

You should reboot to properly record the changes made to the disk.
When the system comes up, update your on board WebRoot SpySweeper and run a full system scan.

When finished, please perform this online scan: F-Secure Online Scanner Next Generation Beta
1. Click on the link "F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then click Install ActiveX component.
4. Read the license agreement and click "Accept".
5. Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics
6. When the scan completes, click the "I want to decide item by item" button.
7. For each item found, select "Disinfect" and click "Next".
8. When done, click the "Show Report" button, then copy and paste the entire report into your next reply along with a new HijackThis log. Please advise how the computer is running now. Thanks!
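
The manual review in the post above (spotting the orphaned `(no file)` entry and the Need2Find context-menu URL, then checking a later log to confirm they are gone) can be scripted for triage. This is an added example, not part of the original thread or of HijackThis itself; the function names and the watch-list are assumptions, and the sample lines are a subset copied from the two logs posted here. It only flags candidates for a human to review; it does not decide what to fix.

```python
import re
from urllib.parse import urlparse

# Constructed samples: a few lines copied from the two HijackThis logs posted in
# this thread (before and after "Fix Checked"); the real logs are much longer.
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Entry lines start with a section code such as R3, O8 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
URL_RE = re.compile(r"https?://[^\s\"']+")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (code, body) pairs for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        # Logs pasted into forums often pick up zero-width spaces; drop them.
        line = line.replace("\u200b", "")
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def url_host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def review(entries, watch_domains):
    """Flag entries whose target file is absent or whose URL is on the watch-list."""
    findings = []
    for code, body in entries:
        reasons = []
        if body.lower().endswith(ORPHAN_MARKERS):
            reasons.append("orphaned entry: referenced file is absent")
        for url in URL_RE.findall(body):
            host = url_host(url)
            for domain in watch_domains:
                # Match the domain itself or any subdomain, not mere suffixes.
                if host == domain or host.endswith("." + domain):
                    reasons.append("references watched domain " + domain)
        if reasons:
            findings.append((code, body, reasons))
    return findings


def split_fixed(findings, after_entries):
    """Split findings into those gone from the later log and those still present."""
    still_there = set(after_entries)
    fixed = [f for f in findings if (f[0], f[1]) not in still_there]
    remaining = [f for f in findings if (f[0], f[1]) in still_there]
    return fixed, remaining


if __name__ == "__main__":
    # The watch-list is an assumption: the one domain this thread is about.
    found = review(parse_entries(BEFORE_LOG), ["need2find.com"])
    fixed, remaining = split_fixed(found, parse_entries(AFTER_LOG))
    for label, group in (("FIXED", fixed), ("STILL PRESENT", remaining)):
        for code, body, reasons in group:
            print(f"{label}: {code} - {body}\n    " + "; ".join(reasons))
```
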

September 19th, 2006 09:00

1972vet,
 
 I will follow your advice later today as  I have been up all night doing an assignment in my outdated Java application.(hehe)...I would rather wait to try to sort this out when I'm thinking a bit more clearly.
 
Thank you so much.  I appreciate your time and your knowledge and will get back with you when I've completed the steps. 
 
mag

September 20th, 2006 19:00

I had some problems with running this.  It kept disappearing and I would start it over.  When I went back to check on the scan, it had already finished and I had missed the opportunity to disinfect.  I'll redo the scan, but wanted to get this back to you.

Scanning Report
Tuesday, September 19, 2006 23:29:07 - 02:11:36

Computer name: JANETTE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\ G:\


Result: 0 malware found

Statistics

Scanned:

  • Files: 378216
  • System: 10531
  • Not scanned: 213

Actions:

  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • None: 0
  • Submitted: 0

Files not scanned:



Options

Scanning engines:

  • F-Secure AVP: 6.0.171, 2006-09-19
  • F-Secure Libra: 2.4.1, 2006-09-16
  • F-Secure Orion: 1.2.37, 2006-09-19
  • F-Secure Blacklight: 1.0.31, 0000-00-00
  • F-Secure Draco: 1.0.35, 2006-09-19
  • F-Secure Pegasus: 1.19.0, 2006-08-14

Scanning options:

  • Scan all files
  • Scan inside archives
  • Use Advanced heuristics

September 20th, 2006 19:00

Here is the hijack report.
Thanks,
mag
 

Logfile of HijackThis v1.99.1
Scan saved at 3:24:08 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bellsouth® Internet Service
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: River Belle Poker - {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - C:\Program Files\riverbelleMPP\MPPoker.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbellepoker.com/download_helper/Nyoko.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120152283359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149351107609
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {E08B32D6-E74A-4281-85FB-3B9E700E3199} (WebTrackOCXXC4.WebTrackOCXC4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCXC4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2C63A55-E541-4ADB-AC2B-1DE5CDECABA1}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

3.3K Posts

September 21st, 2006 03:00

Your log looks clean. How's it running now? Still slow? If so, try removing the poker software to see if you notice any improvement.

3.3K Posts

September 21st, 2006 17:00

Don't worry, we can troubleshoot these issues with you. I need to ask a couple questions first though:
1.) What is your regular maintenance schedule and what utilities do you run to facilitate your maintenance?
2.) Do you have your original Windows XP CD handy? I'm not going to suggest that we reinstall windows, but there is a useful utility that comes with Windows XP that would allow us to investigate whether or not your operating system is suffering from some corrupt or missing windows core files.

September 21st, 2006 17:00

It is still verrryyy slow.  I looked in the add/remove programs and the Need2Find and Doyle's Room (poker) are still on there.  Did I do this correctly?  Also, I tried to burn a dvd this morning and it was going to take like 90 hours...you read that correctly...90 HOURS! lol  There is something very wrong here. I'm truly at your mercy with this, if you have time to think of anything else I could possibly do.
I still have the Absolute Poker and the RiverBelle software on there.  Those are the two I play mostly.  I have had Absolute for about 4 or 5 years and RiverBelle for about a year or so.  They haven't given me problems in the past.  Do you really think they are the culprits?
 
Thanks for sharing your time and thoughts with me.
mag