Hijack Log

[SahDu]

Hey guys. My girlfriend's computer has been running super slow (its a family computer) and she cant even open her user without it "freaking out" as she put it http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />. Here is her Hijack log. Thanks for all the help in advance!

Jeff

___________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:03:55 PM, on 4/9/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\enhupdt.exe
C:\windows\system32\ryaplen.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\windows\system32\packager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\AOL\1102870910\ee\AOLHostManager.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\AOL\1102870910\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\Jill\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50212
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.c...3029754&id=1.00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.c...3029754&id=1.00
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.c...3029754&id=1.00
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ryaplen] c:\windows\system32\ryaplen.exe
O4 - HKCU\..\RunServices: [Windows Generic Proc] procmsg.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab\' target=\'_blank\' rel=\'nofollow\'>http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab\' target=\'_blank\' rel=\'nofollow\'>http://download.av.Email Removed/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab\' target=\'_blank\' rel=\'nofollow\'>http://download.av.Email Removed/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{704F07CE-4164-4384-B0DF-EDF1E6A174F0}: NameServer = 192.168.1.1
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

[guestolo]

Hi again SahDu, we have to stop meeting like this  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />

Can you do me a favor please
Open Hijackthis>>Open Misc tools section>>Open "Uninstall Manager"
Click the SAVE LIST button
Save this list too your desktop then copy and paste back here the whole contents please

[SahDu]

Hey there quest. As always, I much appreciate your help; you do a wonderful job in helping me fix my computer and I appreciate your complete willingness to do so. I apologize for the late reply, I havent been able to be on this computer for a while. Here is the Uninstall Manager log. Thanks!

Jeff

-------------------------------
Ad-aware 6 Personal
Adobe Acrobat Reader 3.01
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.5
AIM Toolbar
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Deskbar
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
AOL You've Got Pictures Screensaver
ATI Display Driver
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCHelp
CCScore
Classic PhoneTools
CodeStuff Starter
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
Easy CD Creator 5 Basic
Ebates Moe Money Maker
EPSON Copy Utility
EPSON Online Reference Guide
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN FB
Event Planner
Favorite Places
Hallmark Card Studio 2005
HijackThis 1.99.1
IE Help
IEC system
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod Updater 2004-11-15
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 5
Kazaa Media Desktop 2.0.2
KSU
Learn2 Player (Uninstall Only)
LimeWire 4.9.37
Little Shop of Horrors  Screen Saver
LiveJournal 1.4.7-BETA2 (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MBKWBar - Toolbar
McAfee Personal Firewall Express
McAfee SecurityCenter
McAfee VirusScan
MediaLoads
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Greetings
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Modem Helper
Music Visualizer Library 1.4.00
Musicmatch® Jukebox
My Sam's Club Digital Photo Center
Net MD Simple Burner
Network Play System (Patching)
OpenMG Limited Patch 3.1-02-10-22-01
OpenMG Limited Patch 3.1-02-10-22-02
OpenMG Limited Patch 3.1-02-12-04-01
OpenMG Secure Module 3.1
Outlook Express Q823353
Paint Shop Pro 7
PowerDVD
QuickTime
Radio@Netscape
Reading Blaster 3rd Grade
RealPlayer Basic
Recommended Hotfix - 421701D
Rtl8180
Savings Bond Wizard
ScanToWeb
SE Help
Search Basket
Search Function
Shockwave
Snood for Windows version 3.01-W
SonicStage 1.5.06
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
The American Girls Dress Designer (tm)
The ClueFinders' 4th Grade Adventures
USB MassStorage CardReader
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebSearch Toolbar
Webshots Desktop
WildTangent Web Driver
Winad Client
Windows SR 2.0
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
Win-Tools Easy Installer (by WebSearch)
Yahoo! Toolbar

[guestolo]

Can you try the following please, let's see if we can stop this computer from freaking out  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />

Download and Install
Ad-Aware SE Personal 1.06
When installing, allow it too remove your old version

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer in SAFE MODE without networking
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

In safe mode
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- WebSeach Toolbar support NT service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for the next one too
Win-Tools Easy Installer (by WebSearch)

Remain in safe mode
Access your add/remove programs via Control panel and remove all of the following that you can
Don't reboot even if prompted
Ebates Moe Money Maker
IE Help
IEC system
MBKWBar - Toolbar
MediaLoads
SE Help
Search Basket
Search Function
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebSearch Toolbar
WildTangent Web Driver
Winad Client
Windows SR 2.0
Win-Tools Easy Installer (by WebSearch)

Stay in safe mode
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete the following files or folders if found
FILES
c:\windows\system32\ryaplen.exe
C:\WINDOWS\enhupdt.exe

FOLDERS
C:\Program Files\MBKWBar
C:\Program Files\Toolbar
C:\Program Files\Common Files\WinTools

If you are controlling Startup entries with msconfig or with CodeStuff's Starter
Please enable everything to run on startup, I want to see everything in your Hijackthis log
Don't reboot the computer after they are enabled yet

Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Reboot back to Normal mode

Back in Windows
Can you post back a fresh hijackthis log please
We'll still have more to do, but that will be a great start