  1. #1
    Member BriarcliffeAngel's Avatar
    Join Date
    Jul 2005
    Posts
    14
    Points
    0

    Please Help I don't know what to do :( It won't leave.

    Hi

    The other night I was on a site and it had an unsafe script error come up. I hit no to run it. Then McAfee came up with:

    http://us.mcafee.com/virusInfo/defau...virus_k=100643

    It said it deleted a file called command.exe

    I then scanned again with McAfee and it came up clean.
    Then I scanned with Ewido and it found a DLL and it had a similar explanation for what the McAfee scanner found.

    After it cleaned it I rescanned with McAfee, Ewido, Housecall, Adaware, and Spybot.

    They all found nothing but cookies, except Spybot. It found some DSO exploits; every time I tried to have them fixed, Spybot would crash.

    It seemed like everything was okay though. I noticed last night a popup looking like an error message came up and said something about WinScanner or something like that saying I may have registry errors. I just kept hitting the X on the top of the windows that appeared several times. I then restarted the computer and it left. Throughout the night I got a few pop-ups, which I usually don't get with pop-up blocker.

    Tonight when I was in the other room without internet explorer open I found a popup open that said:

    Attention! Windows Security Center has detected spyware on your PC sending private information and documents to remote computer. One of processes (Win32res.exe) has just sent this information:

    Then it had an area in the middle that said:

    IP address: 68.237.66.206
    Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
    Computer OS: Windows XP
    Full PC control: Gained
    Sent Information: approximately 17 Megabytes

    and it wanted me to go get this scanner.

    I didn't click anything and closed it. It wouldn't let me right-click on it to see the source, and it didn't have the address bar on top. I closed it and went to:

    http://www.microsoft.com/security/malwareremove/default.mspx

    It found nothing.

    Then this same popup came up again. This time the address bar on it was visible and said it came from:

    http://202.67.220.230/security/?aid=vm_fm_scwaskw _1&ax=1&ex=1&lid=hijack

    I'm not a computer expert but I believe this is from someone's PC. I closed the pop-up again and then turned the PC off for a few hours.

    I came on later and so far nothing has happened. I scanned once again with Adaware, and it only found cookies.

    I then scanned with HijackThis and this is the log:

    I am running Win XP pro by the way.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:41:34 AM, on 10/6/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    D:\Program Files\ewido\security suite\ewidoctrl.exe
    D:\WINDOWS\system32\drivers\KodakCCS.exe
    d:\program files\mcafee.com\agent\mcdetect.exe
    d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\wanmpsvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ntvdm.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    d:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\WINDOWS\system32\hphmon06.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\McAfee.com\VSO\oasclnt.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\AIM\aim.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\System32\HPZipm12.exe
    D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    d:\progra~1\mcafee.com\vso\mcvsftsn.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\HijakThis2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    F3 - REG:win.ini: load= sromtsr.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - D:\WINDOWS\System32\ljjgf.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] d:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SetupWizard] F:\SetupWizard.exe reboot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "D:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] D:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OASClnt] D:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Getting Started with MacDrive 5.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://D:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwe...s/vzWebIns.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: ljjgf - D:\WINDOWS\System32\ljjgf.dll
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Eodaset - Unknown owner - (no file)
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - D:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - D:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe




    Please help me, I don't know what to do



    Last time I posted everyone was asking about:
    F3 - REG:win.ini: load= sromtsr.exe
    It's for my slide scanner and it's never been a problem.

    Thanks

  2. #2
    Member lucent's Avatar
    Join Date
    Sep 2005
    Location
    Australia
    Posts
    141
    Points
    29


    Hey there Briar, it looks like you have been hit with a Vundo/Virtumonde variant. The problem lies here:

    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - D:\WINDOWS\System32\ljjgf.dll

    As I like to go through the proper channels I have let steam know, so either I or someone else will help you out shortly.
    Cheers, Lucent.

  3. #3
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    Read and follow all the directions here:

    http://www.help2go.com/postt13858.html

    It is really a waste of time repairing a log and the PC, unless you are going to run/install SP1a (Service Pack) for XP/IE. Don't try to install SP2 until you get this PC cleaned up.

    XP SP1a is available here:

    http://www.microsoft.com/windowsxp/d...1/default.mspx

    This can take hours if you are on dial up, but it must be done if you want further help.

    BG

  4. #4
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,975
    Points
    248


    Zip for SP1a attached. Download and install then post a new log.

    OJ
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  5. #5
    Member BriarcliffeAngel's Avatar
    Join Date
    Jul 2005
    Posts
    14
    Points
    0


    I guess I will just have to live with it then

    I hope it's not too bad.

    Thanks

    Chrissy

  6. #6
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    Is there something that you do not understand? This problem is not really that hard to fix, but there are a lot of things that have to be done to fix it.

    We will try to help if you tell us what problem you are having with the directions.

    BG

  7. #7
    Member lucent's Avatar
    Join Date
    Sep 2005
    Location
    Australia
    Posts
    141
    Points
    29


    Briar, it seems you have already gone to a bit of trouble to clean up your system so far, so a couple more sessions of hair pulling and keyboard bashing would make it worth your while. The techs here are more than willing to help no matter how good you are on a computer; that is why we are here. Don't feel silly if you don't understand something. Remember there are no stupid questions, but there are on the other hand stupid answers. Yup, I'd say I have been guilty on that charge on the odd occasion. Besides, if your machine is secure, wouldn't you feel more confident in going about your regular internet use?

    Oh, by the way I forgot to paste the other bad entry, here ya go:
    O20 - Winlogon Notify: ljjgf - D:\WINDOWS\System32\ljjgf.dll

    Please don't leave here with an infected OS. We will be patient if you are.
    Cheers, Lucent.
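
An added triage sketch, not part of the original thread and not the helpers' own tooling: the two entries flagged above (O2 and O20) point at the same DLL, and this script finds any file in a HijackThis log that is registered under both sections. The dual-registration check is a heuristic assumed here (a hit means "review this file", not "infected"); the sample lines are copied from the XP log posted in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the Windows XP HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - D:\WINDOWS\System32\ljjgf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OASClnt] D:\Program Files\McAfee.com\VSO\oasclnt.exe
O20 - Winlogon Notify: ljjgf - D:\WINDOWS\System32\ljjgf.dll
O23 - Service: Eodaset - Unknown owner - (no file)
"""

# O2 lines: "BHO: <name> - {CLSID} - <path>". Anchoring on the CLSID keeps
# paths that themselves contain " - " (e.g. Spybot's folder) intact.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines: "Winlogon Notify: <name> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def normalize(path):
    """Drop HijackThis notes and quotes; Windows paths are case-insensitive."""
    path = re.sub(r"\s*\((file missing|no file)\)\s*$", "", path.strip())
    return path.strip('"').lower()


def parse_entries(log_text):
    """Yield (section, name, normalized_path) for O2 and O20 lines only."""
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", O2_RE), ("O20", O20_RE)):
            match = pattern.match(line)
            if match:
                yield section, match.group("name"), normalize(match.group("path"))


def find_dual_registered(log_text):
    """Return {path: {section: name}} for files loaded via both O2 and O20."""
    seen = defaultdict(dict)
    for section, name, path in parse_entries(log_text):
        seen[path][section] = name
    return {p: s for p, s in seen.items() if {"O2", "O20"}.issubset(s)}


if __name__ == "__main__":
    for path, sections in find_dual_registered(SAMPLE_LOG).items():
        print(f"review: {path}")
        for section, name in sorted(sections.items()):
            print(f"  {section}: {name}")
```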

  8. #8
    Member BriarcliffeAngel's Avatar
    Join Date
    Jul 2005
    Posts
    14
    Points
    0


    Hi


    I went to geekstogo.com as well since I didn't know who would respond first and I was freaking out, and they said to use that Vundo killer, but gave a little bit different instructions:

    At this point press enter one time.

    Next you will see:

    QUOTE
    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.


    At this point please type the following file path (make sure to enter it exactly as below!):


    D:\WINDOWS\System32\ljjgf.dll




    Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

    Next you will see:

    QUOTE
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    At this point please type the following file path (make sure to enter it exactly as below!):


    D:\WINDOWS\System32\jgjjl.*


    Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

    2. The fix will run then HijackThis will open.
    In HiJackThis, please place a check next to the following items and click FIX CHECKED:


    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - D:\WINDOWS\System32\ljjgf.dll
    O20 - Winlogon Notify: ljjgf - D:\WINDOWS\System32\ljjgf.dll


    After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
    Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
    Once your machine reboots please continue with the instructions below.

    The problem seemed to be solved but when I did the last thing they said which was go to Active Scan it found:

    Incident Status Location

    Adware:Adware/CWS No disinfected
    C:\WINDOWS\Temporary Internet Files\Content.IE5\4PMVSDU3\menus1].js
    I looked that up and found:


    I don't know how to get rid of this one.

    On my C drive I have Win 98.

    The hijack this log on that drive is:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:36:58 AM, on 10/6/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SROMTSR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
    C:\PROGRAM FILES\COMMON FILES\MEDIAFOUR\MACVNTFY.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\SYSTEM\HPZTSB11.EXE
    C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
    C:\WINDOWS\SYSTEM\HPHMON06.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
    C:\PROGRAM FILES\AIM\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\HIJACKTHIS2\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F1 - win.ini: load=sromtsr.exe
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\SYSTEM\HPHMON06.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Startup: Getting Started with MacDrive 5.lnk = C:\Program Files\Mediafour\MacDrive5\1033\MDGSTART.EXE
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab



    Also now when I go to Win 98 on the C drive, the C drive icon shows up as a WordPad document instead of the hard drive icon. I don't know if that matters, it's just weird.



    I really don't know what to do
    I do want to clean out my system and would like not to format it.

    Thanks

    Chrissy

  9. #9
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191


    Really confusing the heck out of me. The first log is XP, with no service packs, which you also went to Geeks to go to fix. Asking 2 different forums the same question at the same time. This is never advised since we all work differently. Not to mention the time spent by 2 forums on the same person when one forum could be helping others. You need to learn patience or spend money. Free help is not always fast help.

    Now this log is a Win 98 log. It appears clean to me.

    Not going to bother to look at Geekstogo log, since you decided on their fixes and they said you are clean. Install the required service packs for XP.

    BG


  10. #10
    Member BriarcliffeAngel's Avatar
    Join Date
    Jul 2005
    Posts
    14
    Points
    0


    Hi

    I'm sorry I posted to 2 forums but I didn't know what to do. Different people were telling me different things; one said you guys, the other said geeks to go.

    I had just done payment type things online and the popup it was bringing up was saying it sent out all my info so I was freaking out. I would love to take the comp somewhere but right now I have no money, hard getting a job that pays well, and still in school. I am going to donate to both sites once I have a little cash but right now I am cleaned out.

    The reason I didn't have the Service packs is because in the past some of those viruses that went out and got into all systems got in through them, and since I was okay I didn't want to chance anything, and people were telling me to just leave it. Since I don't know much about it I don't know who to believe.

    Sorry again, I didn't mean to offend, but since I do stuff for the school online and with identity theft, when that message came up I didn't know what to do.
