Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - rudy33

Pages: [1]

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 13, 2005, 06:05:40 AM »

It seem to run great now. No more J?vaw.exe trying to access the internet and no message when windows start "no disk found" I have also deleted alot of the applets for pogo games and yahoo - as yahoo is no longer on my computer.

Thank you sooooo much..........

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 12, 2005, 08:20:59 PM »

I think I found it - apparently it was hidden.

export.bat results

Volume in drive C is LOCAL DISC
Volume Serial Number is F843-4E75

Directory of C:\WINDOWS\System32

05/17/02 06:04 PM 20,555 javaw.exe
1 File(s) 20,555 bytes

Directory of C:\Documents and Settings\Ruth McGrath\Desktop

Results of hijack this

Logfile of HijackThis v1.99.1
Scan saved at 9:14:32 PM, on 05/12/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 12, 2005, 05:22:28 AM »

I have looked through my system 32 folder for any file that is approx in size or date and can not find anything. I am still getting the firewall flag for J?vaw.exe so I know it has to be there somewhere but I can't locate anything that is an .exe file with 400 - 480kb with a date remotely close to 3/17/02. I am very frustrated.

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 10, 2005, 04:56:54 AM »

Good morning..
\
I've restarted in safemode and looked for the j?vaw.exe file and could not find - I even looked for an exe file with a date of 3/17/05 - then an .exe with 408kb that started with a "j". Could not locate the "bad guy". Is there another way

?

I feel like sherlock - although your the brains...

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 09, 2005, 06:42:02 PM »

oK - done what you asked and here is the export.bat

Volume in drive C is LOCAL DISC
Volume Serial Number is F843-4E75

Directory of C:\WINDOWS\System32

05/17/02 06:04 PM 20,555 javaw.exe
03/17/05 10:08 AM 417,792 j?vaw.exe
2 File(s) 438,347 bytes

Directory of C:\Documents and Settings\Ruth McGrath\Desktop

Here is new Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 7:29:49 PM, on 05/09/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 07, 2005, 09:02:29 PM »

Here is the 2nd log file after deleting and scanning as you instructed me to do. I apologize for not seeing your request for Export.bat. I am not sure what or where the CODE section that you want me to paste from.

Could not uninstall MIDADDLE - Unable to locate installation log file.

Still getting the errors when windows first opens "no disk found" about three or four -I just click continue and they eventually go awy.

Thank you so much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:52:12 PM, on 05/07/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Ruth McGrath\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [C40yJ.exe] C:\documents and settings\olivia and becky\local settings\temp\C40yJ.exe
O4 - HKLM\..\Run: [4JATK3@4#AJHRM] C:\WINDOWS\system32\Voqv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d03...ip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 07, 2005, 02:19:08 PM »

Here is the list from uninstall file you requested..

Adobe Acrobat 5.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression
Butterfly Oasis Screensaver
CardRd81
CCHelp
CCScore
CR2
DivX Codec
DivX Player
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
eSyndicate
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
hp instant support
hp officejet d series
HP Photo Printing Software
HP Share-to-Web
Information about your PC
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Lords of the Realm III
Macromedia Shockwave Player
McAfee Personal Firewall Express
McAfee SecurityCenter
McAfee VirusScan
Medion Flash XL
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 97, Professional Edition
Microsoft Picture It! Photo 7.0
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works Suite Add-in for Microsoft Word
midADdle
Mozilla Firefox (1.0.2)
MUSICMATCH Jukebox
NavHelper
Nero - Burning Rom
Network Play System (Patching)
Notifier
NVIDIA Display Driver
NVIDIA Drivers
OTtBP
OTtBPSDK
PCDLNCH
pdfFactory
Power Cinema
PowerDVD
PowerProducer
QuickTime
RealPlayer
Realtek AC'97 Audio
RIA PDF Output Driver
RIA-Speedlink
RS 2002 Client
RS 2003 Client
Secure Delivery
SEP
SFR
SFR2
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.3
Super nude patch 5
TaxCut 2003
TaxCut 2004
The Sims Hot Date Object Organizer 1.0
The Sims Menu Editor
The Sims Unleashed
The super nude patch 4.0
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
VPRINTOL
WildArcade
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger Explorer Ba

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

« on: May 07, 2005, 11:46:42 AM »

I have a firewall that alerts me anytime a program is trying to access the internet. J?VAW.EXE will not stop so I probably should delet the program that its associated with. Can you please help me. I also have issues when starting window "disk not found" but do not know what disk - not sure if its associated with sound not working all the time. So I probably have many issues. I am running windows xp on Medion P4 with 2.4 mhz.

any guidance will be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:16:17 PM, on 05/07/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\110212~1\EE\AOLServiceHost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\DOCUMENTS AND SETTINGS\RUTH MCGRATH\DESKTOP\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EBE851B3-E029-C985-7231-C0A9499E5BE6} - C:\WINDOWS\system32\tckzl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [C40yJ.exe] C:\documents and settings\olivia and becky\local settings\temp\C40yJ.exe
O4 - HKLM\..\Run: [4JATK3@4#AJHRM] C:\WINDOWS\system32\Voqv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102125364\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.4.37/aces...s-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.5.21/blac...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.1.27/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.1.27/chec...s-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/soli...2-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.27/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.27/harv...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.5.28/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.0.30/lott...o-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.34/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.0.30/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.2.25/popf...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.0.30/popp...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.1.29/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/hold...m-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turb...1-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.0.37/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/FormOpen/RSFormsTV.cab
O16 - DPF: {0306F7BC-8EFB-4280-8512-461037071EBA} - http://undergroundlair.net/ph/pup.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/FormOpen/Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} (RSCompConvClient Class) - http://gosystemrs.fasttax.com/OCX/comconv.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fasttax.com/OCX/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d03...ip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fasttax.com/OCX/WebAttachments.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fasttax.com/OCX/webnotifier.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fasttax.com/OCX/Downloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fasttax.com/OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fasttax.com/OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fasttax.com/OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/FormOpen/RSFormsDP.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fasttax.com/OCX/GRSClient2003/setup.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fasttax.com/OCX/vsflex7.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.Email Removed/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EEF6D730-3A44-11D4-B510-0050DA74F688} - http://eformrs.com/RSFConvert.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...453/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - rudy33

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED

Tech Clinic / POPUP J?VAW.EXE - HJT LOG ATTACHED