Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer take over (Resolved)


  • This topic is locked This topic is locked

#46
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I went into search in Registrar Lite and did as you said: Deleted the entries that came up. Rebooted, did a hijack this log, the no files were still there, so I checked registrar again. More seemed to pop up under those CLSID's. Deleted those extra entries as well. Rebooted again and searched in registrar lite. Empty. Did a hijack this log, but the no files are still there.Here is the most recent hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 11:28:46 AM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tiffany Lee\My Documents\Scanner\HijackThis 1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105677366268
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

Advertisements


#47
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
now lets try to use Hijack this to remove them

run Hijack This again and check them and then, making sure you have No Internet Explorer Windows open, including this one, Press the "Fix Checked" Button with HijackThis.

Reboot If I have specified below, and Post a Fresh HijackThis log.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -


then post a fresh Hijack this log
  • 0

#48
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:47:28 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tiffany Lee\My Documents\Scanner\HijackThis 1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105677366268
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

#49
OSC

OSC

    Malware Expert

  • Retired Staff
  • 301 posts
Wow, they sure are persistent! :mad:

The good news is niether one of them are causing your computer any harm. They both appear to be left over from Microsoft Money. They're not "connected" to anything so they're just kind of sitting there, lonely, in a dark alley with no where to go and nothing to do.

If you have Microsoft Money, you might want to install it, reboot, then uninstall it and reboot. Then run hijackthis again and see if the entries are gone. Also, be sure that the c:\program files\Microsoft Money folder is gone after you uninstall it.
  • 0

#50
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok, I will try to find the software for MMoney. I thought this had
something to do with why my computer got taken over, because these (no
file) CLSID's were from before I uninstalled MMoney. I am still
getting reboots in the middle of the night and clicks on the machine
out of nowhere (like internet explorer is changing web pages on its
own). Simultaneously, I will sometimes hear someone with their
microphone on (it sounds like) out of nowhere. (ie: you can hear
someone moving around things, or coughing under there breath... weird
stuff) What is with that?
  • 0

#51
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Luckycharm why don't you go ahead and please give us a new Hijack this log
  • 0

#52
OSC

OSC

    Malware Expert

  • Retired Staff
  • 301 posts
Hi LuckyCharm,

Also, can you tell us if that computer is setup for wireless connectivity, what type of internet connection you have (dial-up, cable, etc) and if you are using any type of router?
  • 0

#53
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I have a dell laptop with wireless built in, am using a that connection through a wireless router to a cable modem.

Logfile of HijackThis v1.99.1
Scan saved at 1:35:27 AM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tiffany Lee\My Documents\Scanner\HijackThis 1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105677366268
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

#54
OSC

OSC

    Malware Expert

  • Retired Staff
  • 301 posts
Were you able to find your MS Money CD to reinstall/uninstall it?

On your wireless router, are you using any security modes?? (WEP, WPA Pre Shared Key or RADIUS)

Also, can you confirm if ALL items are unchecked in msconfig?? If they are not, please uncheck them all, reboot and post a new hijackthis log.

The clicks and voices you are hearing could be a result of a voiced pop-under ad. When you hear it again, please run hijackthis and get a log immediately, then post it here.

As for your rebooting problem, right click the My Computer icon and choose Properties. Click the Advanced tab, then click the Settings button. Uncheck the Automatically Restart button. Reboot your computer when prompted. This will prevent your computer from rebooting IF it's blue screening (which is a common reason why computers reboot).

We can also check your event viewer for clues. Right click My Computer, choose Manage. Expand Event Viewer and review the contents of the Application log and System log. If you want, you can export the application and system logs and mail them to me at this address.

With all that said, please let us know what you did and didn't do before you post your next log. :tazz: Think we'll get a startup list next and do a few other other scans with some other tools too.
  • 0

#55
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I'm running a secured connection to the router 128 bit WEP. I did find the M Money program, I still need to install it. The Auto reboot was already unchecked when I went into the advanced tab. I checked the msconfig, some of the startups I unchecked made their way back on the list checked. Arrgh to Microsoft Messaging! evil programmers.. The next time I hear those clicks, I'll run a hijackthis log and send it to you. And once I install Microsoft Money, I'll also do the system log and email it to you as well. Just give me a little time :tazz: Oh, also, when I hear those sounds of a guy mumbling or moving stuff around, it is when I'm in AIM (their newest version).

Here is the Hijack This log. Ran after I unchecked those msconfigs that were not necessary, except for my virus scanner and some other programs located in the system32 folder.


Logfile of HijackThis v1.99.1
Scan saved at 10:31:33 PM, on 3/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\Tiffany Lee\My Documents\Scanner\HijackThis 1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105677366268
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

Advertisements


#56
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Sorry bout this, but I found this text file on my desktop today out of nowhere concerning java. I didn't know if it is of importance to what we're trying to fix. But here is the file:

Name: hs_err_pid3524.txt



An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x675AD19
Function=Java_sun_awt_windows_WToolkit_printWindowsVersion+0x1CB9
Library=C:\Program Files\Java\j2re1.4.2_06\bin\awt.dll

Current Java thread:
at sun.awt.windows.WComponentPeer.nativeHandleEvent(Native Method)
at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F4000 C:\WINDOWS\system32\kernel32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DD0000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F56000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778CC000 C:\WINDOWS\system32\SHDOCVW.dll
0x77A80000 - 0x77B14000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x754D0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771AC000 C:\WINDOWS\system32\OLEAUT32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x5B860000 - 0x5B8B4000 C:\WINDOWS\system32\NETAPI32.dll
0x771B0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x773D0000 - 0x774D2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x7C9C0000 - 0x7D1D4000 C:\WINDOWS\system32\SHELL32.dll
0x5D090000 - 0x5D127000 C:\WINDOWS\system32\comctl32.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476B000 C:\WINDOWS\system32\MSCTF.dll
0x63000000 - 0x63014000 C:\WINDOWS\system32\SynTPFcs.dll
0x75F80000 - 0x7607C000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77260000 - 0x772FE000 C:\WINDOWS\system32\urlmon.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x77A20000 - 0x77A74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661D000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x10000000 - 0x100B3000 c:\program files\google\googletoolbar1.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x76990000 - 0x769B5000 C:\WINDOWS\system32\ntshrui.dll
0x76B20000 - 0x76B31000 C:\WINDOWS\system32\ATL.DLL
0x769C0000 - 0x76A73000 C:\WINDOWS\system32\USERENV.dll
0x71B20000 - 0x71B32000 C:\WINDOWS\system32\MPR.dll
0x75F60000 - 0x75F67000 C:\WINDOWS\System32\drprov.dll
0x71C10000 - 0x71C1E000 C:\WINDOWS\System32\ntlanman.dll
0x71CD0000 - 0x71CE7000 C:\WINDOWS\System32\NETUI0.dll
0x71C90000 - 0x71CD0000 C:\WINDOWS\System32\NETUI1.dll
0x71C80000 - 0x71C87000 C:\WINDOWS\System32\NETRAP.dll
0x71BF0000 - 0x71C03000 C:\WINDOWS\System32\SAMLIB.dll
0x75F70000 - 0x75F79000 C:\WINDOWS\System32\davclnt.dll
0x73D70000 - 0x73D83000 C:\WINDOWS\system32\shgina.dll
0x75970000 - 0x75A67000 C:\WINDOWS\system32\MSGINA.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x74320000 - 0x7435D000 C:\WINDOWS\system32\ODBC32.dll
0x763B0000 - 0x763F9000 C:\WINDOWS\system32\comdlg32.dll
0x01B40000 - 0x01B57000 C:\WINDOWS\system32\odbcint.dll
0x092D0000 - 0x09349000 C:\WINDOWS\system32\Audiodev.dll
0x086C0000 - 0x08904000 C:\WINDOWS\system32\WMVCore.DLL
0x070D0000 - 0x0710B000 C:\WINDOWS\system32\WMASF.DLL
0x593F0000 - 0x59482000 C:\WINDOWS\system32\wiashext.dll
0x4EC50000 - 0x4EDF3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x01D20000 - 0x01FE5000 C:\WINDOWS\system32\xpsp2res.dll
0x73BA0000 - 0x73BB3000 C:\WINDOWS\system32\sti.dll
0x74AE0000 - 0x74AE7000 C:\WINDOWS\system32\CFGMGR32.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\DBGHELP.DLL
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.DLL
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x77C70000 - 0x77C93000 C:\WINDOWS\system32\msv1_0.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x01CA0000 - 0x01CAC000 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x02490000 - 0x0254B000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\olepro32.dll
0x01CE0000 - 0x01CFF000 C:\WINDOWS\system32\dla\tfswshx.dll
0x01D00000 - 0x01D0F000 C:\WINDOWS\system32\tfswapi.dll
0x02650000 - 0x0268B000 C:\WINDOWS\system32\dla\tfswcres.dll
0x75E90000 - 0x75F40000 C:\WINDOWS\system32\SXS.DLL
0x026F0000 - 0x02778000 C:\WINDOWS\system32\shdoclc.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\mlang.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\system32\mswsock.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x7D1E0000 - 0x7D492000 C:\WINDOWS\system32\msi.dll
0x02780000 - 0x0279C000 c:\progra~1\mcafee.com\vso\McVSSkt.dll
0x605D0000 - 0x605D9000 C:\WINDOWS\system32\mslbui.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x7D4A0000 - 0x7D783000 C:\WINDOWS\system32\mshtml.dll
0x746C0000 - 0x746E7000 C:\WINDOWS\system32\msls31.dll
0x746F0000 - 0x7471A000 C:\WINDOWS\system32\msimtf.dll
0x5C2C0000 - 0x5C300000 C:\WINDOWS\ime\sptip.dll
0x74C80000 - 0x74CAC000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760E5000 C:\WINDOWS\system32\MSVCP60.dll
0x02450000 - 0x02461000 C:\WINDOWS\IME\SPGRMR.DLL
0x031A0000 - 0x031FB000 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
0x325C0000 - 0x325D2000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x75C50000 - 0x75CBE000 C:\WINDOWS\system32\jscript.dll
0x6D460000 - 0x6D470000 C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
0x6D330000 - 0x6D348000 C:\Program Files\Java\j2re1.4.2_06\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D3A0000 - 0x6D3B8000 C:\Program Files\Java\j2re1.4.2_06\bin\jpishare.dll
0x08000000 - 0x08139000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\client\jvm.dll
0x03A20000 - 0x03A27000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\hpi.dll
0x03A40000 - 0x03A4E000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\verify.dll
0x03A50000 - 0x03A69000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\java.dll
0x03A70000 - 0x03A7D000 C:\PROGRA~1\Java\J2RE14~2.2_0\bin\zip.dll
0x066C0000 - 0x067D2000 C:\Program Files\Java\j2re1.4.2_06\bin\awt.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.dll
0x06810000 - 0x06861000 C:\Program Files\Java\j2re1.4.2_06\bin\fontmanager.dll
0x73760000 - 0x737A9000 C:\WINDOWS\system32\ddraw.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x73940000 - 0x73A10000 C:\WINDOWS\system32\D3DIM700.DLL
0x6D310000 - 0x6D324000 C:\Program Files\Java\j2re1.4.2_06\bin\jpicom32.dll
0x6D480000 - 0x6D49D000 C:\Program Files\Java\j2re1.4.2_06\bin\RegUtils.dll
0x07020000 - 0x0702F000 C:\Program Files\Java\j2re1.4.2_06\bin\net.dll
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x72D20000 - 0x72D29000 C:\WINDOWS\system32\wdmaud.drv
0x72D10000 - 0x72D18000 C:\WINDOWS\system32\msacm32.drv
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD7000 C:\WINDOWS\system32\midimap.dll
0x07270000 - 0x0728E000 C:\Program Files\Java\j2re1.4.2_06\bin\jpeg.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL

Heap at VM Abort:
Heap
def new generation total 896K, used 34K [0x100c0000, 0x101b0000, 0x10820000)
eden space 832K, 4% used [0x100c0000, 0x100c8908, 0x10190000)
from space 64K, 0% used [0x10190000, 0x10190000, 0x101a0000)
to space 64K, 0% used [0x101a0000, 0x101a0000, 0x101b0000)
tenured generation total 10732K, used 6437K [0x10820000, 0x1129b000, 0x160c0000)
the space 10732K, 59% used [0x10820000, 0x10e69498, 0x10e69600, 0x1129b000)
compacting perm gen total 5120K, used 4896K [0x160c0000, 0x165c0000, 0x1a0c0000)
the space 5120K, 95% used [0x160c0000, 0x16588138, 0x16588200, 0x165c0000)

Local Time = Tue Mar 15 22:55:36 2005
Elapsed Time = 118
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot™ Client VM (1.4.2_06-b03 mixed mode)
#
  • 0

#57
OSC

OSC

    Malware Expert

  • Retired Staff
  • 301 posts
Hi LuckyCharm,

The next time I hear those clicks, I'll run a hijackthis log and send it to you......  Oh, also, when I hear those sounds of a guy mumbling or moving stuff around, it is when I'm in AIM (their newest version).

That sometimes happens when you move your cursor over the advertisement in the AOL buddy list box. When it happens, try to remember if your cursor was near the AOL buddy box when you hear the sounds.

Run hijackthis again and fix this entry:

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -

As for that file on your desktop, it looks like it's a file that is created when your computer crashes. You can safely delete it. :tazz:

Also, right click anywhere on your desktop thats not an icon and choose Properties. Click the Settings tab. Under Colors, can you tell me what that setting says? Should be 16 bit, 24 bit or 32 bit. This could be a clue as to why your computer reboots randomly.
  • 0

#58
Luckycharm

Luckycharm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OSC , Efwis, and any other staff who has helped me:

As of today, Dell has granted me a full refund with my laptop. It has been a long, grueling battle with customer service. You would not believe some of the things Dell's customer service has said and done to try to get us to give up. Thank you for all that you have done to help me with this problem on my computer. However, this hasn't been the only problem I've been having. Everything seems to be practically falling apart with this computer they'd sent me. The customer service was way below expectation, and after six months ( and after already recieving two replacements ) we finally reach someone within corporate. And only because having a friend with a business account is really handy. With one call from corporate we have a full refund. If you are looking at buying a Dell, I would recommend checking out the better business bureau's report, and also asking someone who has a Dell ( without a business account ) before purchasing.

Again thank you for all the help you have given me. And thank you OSC for your recent help. You have truly been great. I'm really glad this site is around to help people out like myself.

Luckycharm
  • 0

#59
OSC

OSC

    Malware Expert

  • Retired Staff
  • 301 posts
Hi Luckycharm,

Glad to hear Dell finally gave you what you want. Dell's customer service is terrible. I have also been there - done that.

For your new computer, I'll give you some tips for prevention. :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Thanks to PGPhantom for this canned speech.
  • 0

#60
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Since your problem has been resolved I will be closing this tab.

Thank you
The Geeks To Go Team
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP