Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help

Started by Gunnie , Aug 18 2004 08:43 PM

  • Please log in to reply

#16
admin
Posted 29 August 2004 - 11:29 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

O20 - AppInit_DLLs: C:\WINDOWS\System32\KBDPO813n.dll

This entry is the problem. Still nothing new on fixing it with SP2 I'm afraid.
  • 0

Advertisements

#17
Gunnie
Posted 13 September 2004 - 06:26 AM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Have you heard anything? I am still having problems. <_<
  • 0

#18
admin
Posted 13 September 2004 - 03:00 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Let's see a fresh Hijack This log. <_<
  • 0

#19
Gunnie
Posted 13 September 2004 - 08:14 PM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Okay guys, here it is:

Logfile of HijackThis v1.98.2
Scan saved at 10:12:21 PM, on 9/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Kimberly Angel\Start Menu\Programs\Startup\mprocessor.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [lexlmpm339p.exe] "C:\WINDOWS\System32\lexlmpm339p.exe"
O4 - HKCU\..\Run: [dsprpres954b.exe] "C:\WINDOWS\system32\dsprpres954b.exe"
O4 - Startup: data.dat
O4 - Startup: first.awp
O4 - Startup: initial.cfg
O4 - Startup: main.cfg
O4 - Startup: mprocessor.exe
O4 - Startup: second.awp
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2D16FCD6-5320-4F0D-941B-F9D02E8D6CD9} - (no file) (HKCU)
O9 - Extra button: (no name) - {3B00D678-1840-41BF-B965-B216941B58C0} - (no file) (HKCU)
O9 - Extra button: (no name) - {4D264F09-53D9-41BE-8DE9-09412209A237} - (no file) (HKCU)
O9 - Extra button: (no name) - {662984D5-39E1-47C2-B833-37185608720C} - (no file) (HKCU)
O9 - Extra button: (no name) - {BB397663-56E1-49B4-80D5-8E6E348BF19A} - (no file) (HKCU)
O9 - Extra button: (no name) - {C467EAE0-DACF-4813-BC4C-2CCBAB82B30B} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O20 - AppInit_DLLs: C:\WINDOWS\System32\KBDPO813n.dll
  • 0

#20
admin
Posted 14 September 2004 - 09:25 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
First download the latest Visual Basic Runtime: http://www.microsoft...&displaylang=en

Next, let's try this again... Mosaic1 has created a bat file that should help us, download it from here.
http://www.geekstogo...=download&id=34

A few setup items first we need to do, make sure you can view all hidden files and folders, use this link for help.
http://www.xtra.co.n...1916458,00.html

Next, review this article How to take ownership of a file or folder in Windows XP

Sign Off the Internet and Stay Off Until All Steps Are Finished

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box. Double click on the batch to run it. After a reboot the super hidden nasty file will no longer be loaded and will be visible.

Restart into Safe mode and find this file:
C:\WINDOWS\System32\KBDPO813n.dll

Right click on the file and choose properties.
Use the security tab on .dll and take ownership.
Change the 'everyone special' to
'you> with Admin rights-> FULL control
Then try to delete it, if that fails try to rename
it first to different name+ext.
Example:
ctl.dll>bleh.txt
bleh.txt > badfile.111

Once you have successfully deleted the file restart into Regular Windows mode.

Run CWShredder immediately. Press the 'Fix' button to clean.

Run Ad-aware
Restart.

Report back if you're successful or not.
  • 0

#21
Gunnie
Posted 16 September 2004 - 12:42 PM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Okay, I think I was successful. I did everything according to your instructions (I think) and here is a fresh hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 2:37:29 PM, on 9/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_7174683.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uchase.co...php?ask=&a=1367
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [lexlmpm339p.exe] "C:\WINDOWS\System32\lexlmpm339p.exe"
O4 - HKCU\..\Run: [dsprpres954b.exe] "C:\WINDOWS\system32\dsprpres954b.exe"
O4 - Startup: data.dat
O4 - Startup: first.awp
O4 - Startup: initial.cfg
O4 - Startup: main.cfg
O4 - Startup: mprocessor.exe
O4 - Startup: replacer.exe
O4 - Startup: second.awp
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2D16FCD6-5320-4F0D-941B-F9D02E8D6CD9} - (no file) (HKCU)
O9 - Extra button: (no name) - {3B00D678-1840-41BF-B965-B216941B58C0} - (no file) (HKCU)
O9 - Extra button: (no name) - {4D264F09-53D9-41BE-8DE9-09412209A237} - (no file) (HKCU)
O9 - Extra button: (no name) - {662984D5-39E1-47C2-B833-37185608720C} - (no file) (HKCU)
O9 - Extra button: (no name) - {7CA97BBE-FD18-4B8D-8469-AFC727749B50} - (no file) (HKCU)
O9 - Extra button: (no name) - {A38C9E3C-C1D2-4E20-8C80-79546D2F6681} - (no file) (HKCU)
O9 - Extra button: (no name) - {B6B0437E-FDAD-49FF-80DC-11AC73EFA136} - (no file) (HKCU)
O9 - Extra button: (no name) - {BB397663-56E1-49B4-80D5-8E6E348BF19A} - (no file) (HKCU)
O9 - Extra button: (no name) - {C467EAE0-DACF-4813-BC4C-2CCBAB82B30B} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O20 - AppInit_DLLs: C:\WINDOWS\system32\igfxres597u.dll

When I was taking ownership of the KBDPO813N.DLL, there were other users that also looked like they had access. I don't know if that makes any difference but wanted you to know that. Also, my pc shows 3 administrators, and one of them mysteriously showed up about the time all this **** started happening called special experiment. Can you walk me through deleting this stuff or should I start a new thread? Thanks for all your help so far. You guys are the best!
  • 0

#22
Gunnie
Posted 16 September 2004 - 12:46 PM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Also, all the files in the log at 04 startup show up at start up as not accessible.
  • 0

#23
admin
Posted 16 September 2004 - 01:19 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
The file name changed, so let's try this again. <_<

Mosaic1 has created a bat file that should help us, download it from here.
http://www.geekstogo...=download&id=34

A few setup items first we need to do, make sure you can view all hidden files and folders, use this link for help.
http://www.xtra.co.n...1916458,00.html

Next, review this article How to take ownership of a file or folder in Windows XP

Sign Off the Internet and Stay Off Until All Steps Are Finished

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box. Double click on the batch to run it. After a reboot the super hidden nasty file will no longer be loaded and will be visible.

Restart into Safe mode and find this file:
C:\WINDOWS\System32\igfxres597u.dll

Right click on the file and choose properties.
Use the security tab on .dll and take ownership.
Change the 'everyone special' to
'you> with Admin rights-> FULL control
Then try to delete it, if that fails try to rename
it first to different name+ext.
Example:
ctl.dll>bleh.txt
bleh.txt > badfile.111

Once you have successfully deleted the file restart into Regular Windows mode.

Run CWShredder immediately. Press the 'Fix' button to clean.

Run Ad-aware
Restart.

Report back if you're successful or not.
  • 0

#24
Gunnie
Posted 16 September 2004 - 01:42 PM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Before I proceed, when I go to take ownership, these 3 names all show ownership, Administrators, Kimberly Angel, and System. Should all 3 have ownership?
  • 0

#25
admin
Posted 16 September 2004 - 01:47 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Just take ownership for the login that you're currently signed in with.
  • 0

Advertisements

#26
Gunnie
Posted 19 September 2004 - 11:52 AM

Gunnie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Okay, when I went into safe mode and took ownership for the administrator since that is what I logged in as, and denied the others since they all had full control. I deleted the file, ran CWShredder & Ad-aware, then restarted. Here is my new HiJackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 1:49:05 PM, on 9/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\United Devices\UD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uchase.co...php?ask=&a=1367
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [lexlmpm339p.exe] "C:\WINDOWS\System32\lexlmpm339p.exe"
O4 - HKCU\..\Run: [dsprpres954b.exe] "C:\WINDOWS\system32\dsprpres954b.exe"
O4 - Startup: data.dat
O4 - Startup: first.awp
O4 - Startup: initial.cfg
O4 - Startup: main.cfg
O4 - Startup: mprocessor.exe
O4 - Startup: replacer.exe
O4 - Startup: second.awp
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2D16FCD6-5320-4F0D-941B-F9D02E8D6CD9} - (no file) (HKCU)
O9 - Extra button: (no name) - {3B00D678-1840-41BF-B965-B216941B58C0} - (no file) (HKCU)
O9 - Extra button: (no name) - {4D264F09-53D9-41BE-8DE9-09412209A237} - (no file) (HKCU)
O9 - Extra button: (no name) - {662984D5-39E1-47C2-B833-37185608720C} - (no file) (HKCU)
O9 - Extra button: (no name) - {7CA97BBE-FD18-4B8D-8469-AFC727749B50} - (no file) (HKCU)
O9 - Extra button: (no name) - {A38C9E3C-C1D2-4E20-8C80-79546D2F6681} - (no file) (HKCU)
O9 - Extra button: (no name) - {B6B0437E-FDAD-49FF-80DC-11AC73EFA136} - (no file) (HKCU)
O9 - Extra button: (no name) - {BB397663-56E1-49B4-80D5-8E6E348BF19A} - (no file) (HKCU)
O9 - Extra button: (no name) - {C467EAE0-DACF-4813-BC4C-2CCBAB82B30B} - (no file) (HKCU)
O9 - Extra button: (no name) - {CFEF1098-0874-48C9-819C-D53F13359377} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D0D0DA9-20C8-4B9F-8DAB-010E8F89A158}: NameServer = 204.117.214.10,199.2.252.10
O20 - AppInit_DLLs: C:\WINDOWS\system32\msconf979t.dll
  • 0

#27
admin
Posted 20 September 2004 - 07:31 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Something seems to be interfering. Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP