Can anyone please help with this?

kc

Logfile of HijackThis v1.97.7
Scan saved at 11:36:01 PM, on 2/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BellSouth\Connection Tool\IPClient.exe
C:\Program Files\BellSouth\Connection Tool\IPMon32.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\BellSouth\Connection Tool\IPClient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matthew Draughn\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluezipper.com/hphelper.php?home=http://home.bellsouth.net/&marker=217679420&install_date=unknown&country=unknown&siteid=247_AX1&ip=127.0.0.1&zip=unknown&cty=unknown&gender=unknown&month=unknown&date=unknown&year=unknown&income=unknown&city=unknown&state=unknown&firstname=unknown&lastname=unknown
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.emachines.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\BellSouth\Connection Tool\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\BellSouth\Connection Tool\IPMon32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://mx253.sb03.com/apps/softsearch/247_ax1.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01025a9b0a628aa02801/netzip/RdxIE601.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B42143E-CB24-4022-93D2-6F7102360B6F}: NameServer = 205.152.132.23 205.152.132.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B42143E-CB24-4022-93D2-6F7102360B6F}: NameServer = 205.152.132.23 205.152.132.235
 
D.Currie

What's the question?

 
HSV Guy

Exactly... What's going on here?
Makes no heads or tails to me.

D.Currie said:
What's the question?

 
Kelly

Hijack This could have cleared this for you. For the most part, it doesn't
look all that bad. You have a few things to clean, but without knowing what
your issues are, post your log file here: http://tomcoyote.org/forums/




 
Guest

I don't really see what you want us to help you with.
All I can see from this is what looks like a program on your computer compiled data about the running processes on your computer.
There seems to be nothing out of the ordinary with them. (Although there are a lot of them.)
I see no problems there, but I can tell you about what type of printer you have and what company you use to connect to the internet and so on.
If you are worried about computer processes, there are plenty of websites that have most of these processes and what they do.
Google for them.
If you have another question which I have not answered, post back with a question.
 
Guest

-----Original Message-----
Hijack This could have cleared this for you. For the most part, it doesn't
look all that bad. You have a few things to clean, but without knowing what
your issues are, post your log file here: http://tomcoyote.org/forums/

--
All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

Utilities for Windows XP
http://www.kellys-korner-xp.com/xp_u.htm#xp_util


Thank you. I was having problems with my homepage trying
to go to a place called www.bluezipper.com. I have posted
it there and they seemed to help me out. Thanks.
 
K

Kelly

Most welcome and hope you get it solved.




 
