Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech - Register now for FREE

A community of volunteers who share their knowledge, and answer your tech questions. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message, and all ads will be removed once you have signed in.

Create an Account Login to Account


Can't Control My Computer


  • This topic is locked This topic is locked
6 replies to this topic

#1 Guest_James Foster_*

Guest_James Foster_*
  • Guests

Posted 09 December 2003 - 09:46 PM

My computer opens up to different homepages. I have huge amount of pop ups.Can't follow links.My computer is slow. I am not all that computer knowledgeable. I have been helped by some computer smart friends at another forum of an unrelated topic. Still can't fix it. Here is my log:


Logfile of HijackThis v1.97.7
Scan saved at 9:24:01 PM, on 12/9/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\windows\winlogon.exe
C:\Documents and Settings\David Arnold\Local Settings\Temp\Temporary Directory 16 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windows\hp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
O1 - Hosts: 206.161.200.105 auto.search.msn.com
O1 - Hosts: 206.161.200.105 sitefinder.verisign.com
O1 - Hosts: 206.161.200.105 sitefinder-idn.verisign.com
O1 - Hosts: 206.161.200.105 www.your.com
O1 - Hosts: 206.161.200.105 your.com
O1 - Hosts: 206.161.200.103 www.smutserver.com
O1 - Hosts: 206.161.200.103 www1.smutserver.com
O1 - Hosts: 206.161.200.103 www2.smutserver.com
O1 - Hosts: 206.161.200.103 www3.smutserver.com
O1 - Hosts: 206.161.200.103 www4.smutserver.com
O1 - Hosts: 206.161.200.103 www5.smutserver.com
O1 - Hosts: 206.161.200.103 www6.smutserver.com
O1 - Hosts: 206.161.200.103 www7.smutserver.com
O1 - Hosts: 206.161.200.103 www8.smutserver.com
O1 - Hosts: 206.161.200.103 www9.smutserver.com
O1 - Hosts: 206.161.200.103 www10.smutserver.com
O1 - Hosts: 206.161.200.103 www11.smutserver.com
O1 - Hosts: 206.161.200.103 www12.smutserver.com
O1 - Hosts: 206.161.200.103 www13.smutserver.com
O1 - Hosts: 206.161.200.103 www14.smutserver.com
O1 - Hosts: 206.161.200.103 www15.smutserver.com
O1 - Hosts: 206.161.200.103 www16.smutserver.com
O1 - Hosts: 206.161.200.103 www17.smutserver.com
O1 - Hosts: 206.161.200.103 www18.smutserver.com
O1 - Hosts: 206.161.200.103 www19.smutserver.com
O1 - Hosts: 206.161.200.103 www20.smutserver.com
O1 - Hosts: 206.161.200.103 www21.smutserver.com
O1 - Hosts: 206.161.200.103 www22.smutserver.com
O1 - Hosts: 206.161.200.103 www23.smutserver.com
O1 - Hosts: 206.161.200.103 www24.smutserver.com
O1 - Hosts: 206.161.200.103 www25.smutserver.com
O1 - Hosts: 206.161.200.103 www26.smutserver.com
O1 - Hosts: 206.161.200.103 www27.smutserver.com
O1 - Hosts: 206.161.200.103 www28.smutserver.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoundManager] "C:\windows\system32\SngMgr.exe"
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O19 - User stylesheet: c:\windows\system.css (file missing)

If I delete them from the top down to www28.smutserver, then run spybot S&D, then ad-aware, also did the one at pandasoftware.com,restart, and run hijack again they are all back. I don't know what to do. I am suspicious of the plugins, since I read that spyware ones will reinstall. But I don't want to delete the wrong thing. Please help, JFoster

Advertisement


#2 Rojas

Rojas

    New Member

  • Authentic Member
  • Pip
  • 1 posts

Posted 09 December 2003 - 10:56 PM

Hello,James Foster & Welcome

Run this little cws removal tool :

CWShredder

Unzip -> doubleclick cwshredder.exe -> next

Reboot after doing so you have these here to fix

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

please have a look at the 01 & delete the ones you don't use
O1 - Hosts

O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe


O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O19 - User stylesheet: c:\windows\system.css (file missing)


Reboot in to start Safe mode
c:\windows\winlogon.exe<---Delete this file


Good luck :wavey:

#3 Guest_James Foster_*

Guest_James Foster_*
  • Guests

Posted 10 December 2003 - 11:38 AM

I did as you said and it all worked ecept when I rebooted into safe mode I searched for the file winlogon.exe and it found 2 files. I deleted one but when I tried to delete the other it said access denied. ?.

Here is a new log in which most everything is back:


Logfile of HijackThis v1.97.7
Scan saved at 11:37:02 AM, on 12/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\David Arnold\Local Settings\Temp\Temporary Directory 24 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-space.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-space.com/
O1 - Hosts: 206.161.200.105 auto.search.msn.com
O1 - Hosts: 206.161.200.105 sitefinder.verisign.com
O1 - Hosts: 206.161.200.105 sitefinder-idn.verisign.com
O1 - Hosts: 206.161.200.105 www.your.com
O1 - Hosts: 206.161.200.105 your.com
O1 - Hosts: 206.161.200.103 www.smutserver.com
O1 - Hosts: 206.161.200.103 www1.smutserver.com
O1 - Hosts: 206.161.200.103 www2.smutserver.com
O1 - Hosts: 206.161.200.103 www3.smutserver.com
O1 - Hosts: 206.161.200.103 www4.smutserver.com
O1 - Hosts: 206.161.200.103 www5.smutserver.com
O1 - Hosts: 206.161.200.103 www6.smutserver.com
O1 - Hosts: 206.161.200.103 www7.smutserver.com
O1 - Hosts: 206.161.200.103 www8.smutserver.com
O1 - Hosts: 206.161.200.103 www9.smutserver.com
O1 - Hosts: 206.161.200.103 www10.smutserver.com
O1 - Hosts: 206.161.200.103 www11.smutserver.com
O1 - Hosts: 206.161.200.103 www12.smutserver.com
O1 - Hosts: 206.161.200.103 www13.smutserver.com
O1 - Hosts: 206.161.200.103 www14.smutserver.com
O1 - Hosts: 206.161.200.103 www15.smutserver.com
O1 - Hosts: 206.161.200.103 www16.smutserver.com
O1 - Hosts: 206.161.200.103 www17.smutserver.com
O1 - Hosts: 206.161.200.103 www18.smutserver.com
O1 - Hosts: 206.161.200.103 www19.smutserver.com
O1 - Hosts: 206.161.200.103 www20.smutserver.com
O1 - Hosts: 206.161.200.103 www21.smutserver.com
O1 - Hosts: 206.161.200.103 www22.smutserver.com
O1 - Hosts: 206.161.200.103 www23.smutserver.com
O1 - Hosts: 206.161.200.103 www24.smutserver.com
O1 - Hosts: 206.161.200.103 www25.smutserver.com
O1 - Hosts: 206.161.200.103 www26.smutserver.com
O1 - Hosts: 206.161.200.103 www27.smutserver.com
O1 - Hosts: 206.161.200.103 www28.smutserver.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoundManager] "C:\windows\system32\SngMgr.exe"
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3222F01A-8CE5-400D-BFBB-A36DA69FA0BA}: NameServer = 205.171.3.65 205.171.9.251
O19 - User stylesheet: c:\windows\system.css (file missing)

What should I do? Should I do it again? Is there a way to delet both winlogon files? Thanks for the help, JFoster

#4 dave38

dave38

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 10 December 2003 - 01:21 PM

The Winlogon hijacker can be a bit of a pain to remove.
Mosaic1 has written a script that wil l do it for you, with no risk of accidentally deleting the wrong one. You can download it from HERE
download , unzip and run it, then reboot, and run CWShredder again.

If the copy of CWShredder you have is more than a week or so old, then download a new copy.


Having done that, please post a fresh hijck this log.

#5 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 10 December 2003 - 07:54 PM

Thank you Dave38, I did as you said and here is the log:


Logfile of HijackThis v1.97.7
Scan saved at 7:48:14 PM, on 12/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\David Arnold\Local Settings\Temp\Temporary Directory 25 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoundManager] "C:\windows\system32\SngMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -



If this is clean will I need to run cwshredder everytime I start up in order to stay clean? Thanks again for the help. I will be waiting for further instructions, JFoster

#6 Guest_James Foster_*

Guest_James Foster_*
  • Guests

Posted 11 December 2003 - 01:20 PM

Here is my most recent log

Logfile of HijackThis v1.97.7
Scan saved at 1:11:06 PM, on 12/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\David Arnold\Local Settings\Temp\Temporary Directory 26 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoundManager] "C:\windows\system32\SngMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

How does it look? The computer seems to be doing much better, for which I am grateful. I can follow links again and it opens to the homepage I selected. Is there anything on this log I should fix? My computer has McCaffey, but that let this happen so is there a good freeware I should down load to prevent this in the future?Thanks, James

#7 cnm

cnm

    -

  • Visiting Fellow
  • PipPipPipPip
  • 654 posts

Posted 22 December 2003 - 10:13 AM

Closing this, since you have opened a new thread http://forums.tomcoy...?showtopic=2071

Glad we could help. :)

If you need this topic reopened, please request this by sending
Email to Zero or
Email to cnm or
Email to Coyote
Choose only one of the above
Include your post user name and detail why you need it reopened with a valid link to your post, any bad links or emails that are not from the original poster will be deleted without response.

Others please start a New Topic.

Advertisement





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users