# homepage problems....t.rack.cc/hp.php



## KellyCL (Jan 13, 2004)

We had problems. We ran CWShredder, it seemed to have worked and now it is back. We ran Hijack This. Below is the log that we got. Any help that you can give is greatly appreciated..... Thank you
Cathy

Logfile of HijackThis v1.97.7
Scan saved at 9:21:53 AM, on 1/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Program Files\Bargain Buddy\bin2\bargains.exe
C:\WINDOWS\apqhgdsb.exe
C:\WINDOWS\msbb.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\WINDOWS\WindowsUpd4.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\WINDOWS\cawkfydq.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\rpctbpso.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Documents and Settings\Megan Kelly\Application Data\DownloadPlus.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Megan Kelly\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {7EC506C2-4AEE-77B9-FCAE-DDAE7D043CAF} - C:\WINDOWS\system32\ouxssoci.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\System32\ssurf022.dll
O2 - BHO: (no name) - {FDACE07C-1BCA-C3E6-BCE6-CA8C9ECDBA6D} - C:\WINDOWS\system32\ktfrkfgf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [rgffagyw] C:\WINDOWS\apqhgdsb.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
O4 - HKLM\..\Run: [CIPSYFMS] C:\WINDOWS\CIPSYFMS.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [PLV] C:\WINDOWS\PLV.exe
O4 - HKLM\..\Run: [FPK] C:\WINDOWS\FPK.exe
O4 - HKLM\..\Run: [DKQXAHNUB] C:\WINDOWS\DKQXAHNUB.exe
O4 - HKLM\..\Run: [zthxcfme] C:\WINDOWS\cawkfydq.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\rpctbpso.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Megan Kelly\Application Data\DownloadPlus.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O11 - Options group: [CommonName] CommonName
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6180ADE2-084F-B0E8-8C0F-150845BF1B73} (DownloadUL Class) - http://public.searchbarcash.com/cab/014/wkzgcnny.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7E05D5-6DDF-45D0-86AB-56428B9F136C}: NameServer = 209.204.64.2 209.204.64.3


----------



## Flrman1 (Jul 26, 2002)

Hi KellyCL

Welcome to TSG! 

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It gets too confusing trying to address two different people's problems in the same thread.

Go here http://www.lavasoftusa.com/support/download/ and download
Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on "Check for updates now" and download the latest reference files.

Make sure the following settings are made and on ("ON=GREEN").

From main window: Click "Start" then "Activate in-depth scan (recommended)"

Click "Use custom scanning options" then click "Customize" and have these options selected: Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.

Now click on the "Tweak" button in that same window. Under "Scanning engine" select "Unload recognized processes during scanning" and under "Cleaning Engine" select "Let windows remove files in use at next reboot"

Click "proceed" to save your settings.

Now to scan just click the "Next" button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu and click "Next")

Restart your computer.

Then go here http://spybot.eon.net.au/index.php?lang=en&page=download and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press "Online" and "Search for Updates".

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.


----------



## KellyCL (Jan 13, 2004)

I am sorry for not starting a new thread... I understood but am at work instructing my daughter before she leaves for classes. And I am not sure if replying to this is on the other thread or the old one... I am so green to all this. And I am not sure I know how to start a new thread... so sorry... I am sure you just love people like us that know just enough to get into trouble.

If I am on the old thread please let me know how to get to the right one. I am very grateful for any and all help. I have tried to help myself but as you can figure it didn't work.

I will have to try your instructions when we get home tonight. It sounds complicated to me... but am assuming if I go one step at a time it will make sense.

I wish I understood what they think they will accomplish with this mess... at this point when we get on, the pop-up windows overwhelm my computer and they are all blank... you can't close them as fast as they open... and we have to shut down... so I can't see the stupid advertisements in the first place and if I could I wouldn't patronize them for the nuisance they cause....

Sorry, venting... not sure if I got rid of T.rack... but they were even changing my favorites to porn sites... got to love that one #$%&##@! Sorry again... venting...

Most of all thank you for your quick reply.... I will get on it as soon as I can. I am afraid it is too much to ask her before she leaves for class... and thinking maybe two heads are better than one.

thank you again!


----------



## Flrman1 (Jul 26, 2002)

We're still in the wrong thread! That's not your fault though, I must have forgotten to split it. I'll do that now. See, we all need a little help now and then.

It's not all that complicated. Just take your time. We'll have you back to normal in no time.

Don't forget to post another Hijack This log when you're finished with those steps.

I'll be sure to split the thread this time. When you receive the email notification of this reply, the link in the email will take you to the new location of your thread.

Good luck!


----------



## KellyCL (Jan 13, 2004)

Hi, thanks...

I still can find how to start a new thread... tried to find the new post button but haven't. But for now I don't need that.

I'll have to figure that out later.

Had an attack last night, gave up and tried this morning.

Went to lavasoft.... and added adware6 build 181 and I have a file on my computer that says reflist.ref, REF file 759KB

but I can't open it. It says it needs to know the program that started it.

Not sure what to do there and don't want to make a mistake and not be able to get into it again... nuff trouble if you know what I mean. I will be at work till tonight.... so I won't be able to do more till then.

thanks Catherine


----------



## dvk01 (Dec 14, 2002)

You have just downloaded the latest update & not the whole program

on that page

below where you downloaded the update is this:
Full install
Ad-aware 6 from Majorgeeks.com | 1.7 mb 
Ad-aware 6 from FileForum | 1.7 mb 
Ad-aware 6 from PcWorld | 1.7 mb 
Ad-aware 6 from Tucows | 1.7 mb 
Ad-aware 6 from Download.com | 1.7 mb 
Ad-aware 6 from Wyvernworks | 1.7 mb 
Ad-aware 6 from NetworkingFiles | 1.7 mb 
Ad-aware 6 from Viareggiochile | 1.7 mb 
Ad-aware 6 from Cybertech Help | 1.7 mb 
Ad-aware 6 from Techconnect | 1.7 mb

just click on any one of them from this page and you will download the full program

http://www.lavasoftusa.com/support/download/


----------



## KellyCL (Jan 13, 2004)

Flrman1

I've downloaded Adaware... but hit scan before I read about checking the buttons and saving any settings... help, I am looking at scan results. Can you tell me if I am okay or did I mess up and/or can I back up?

Thanks for any help... Catherine


----------



## Flrman1 (Jul 26, 2002)

Go ahead and fix whatever it found then run it again according to the settings I gave you.


----------



## KellyCL (Jan 13, 2004)

Did that, now downloading Search and Destroy....
Hi Flrman,

you all must have angel wings... and to top it off you put up with people like me...

it is going easier than I thought ... sounded so confusing... after this loads I'll run hijack unless I need help finding it on my computer... 

By the way... we have partitions on our computer. Do I have to repeat this process for each partition?

thank you so much...


----------



## Flrman1 (Jul 26, 2002)

Just make sure you scan all drives with Adaware and Spybot.


----------



## KellyCL (Jan 13, 2004)

Okay I did it 

Here is my current hijack log

Logfile of HijackThis v1.97.7
Scan saved at 11:13:28 PM, on 1/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\WINDOWS\apqhgdsb.exe
C:\WINDOWS\cawkfydq.exe
C:\Program Files\Online Services\aim.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wsxrhucy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Catherine Kelly\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7EC506C2-4AEE-77B9-FCAE-DDAE7D043CAF} - C:\WINDOWS\system32\ouxssoci.dll
O2 - BHO: (no name) - {DDBE63F9-DEBD-5CEE-60C9-52E7CABD68AF} - C:\WINDOWS\system32\yufzbgsv.dll
O2 - BHO: (no name) - {FBCB2EF3-9242-B798-9ADF-D47BC0A32308} - C:\WINDOWS\system32\bywgrjbq.dll
O2 - BHO: (no name) - {FDACE07C-1BCA-C3E6-BCE6-CA8C9ECDBA6D} - C:\WINDOWS\system32\ktfrkfgf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [rgffagyw] C:\WINDOWS\apqhgdsb.exe
O4 - HKLM\..\Run: [zthxcfme] C:\WINDOWS\cawkfydq.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\wsxrhucy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\Online Services\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7E05D5-6DDF-45D0-86AB-56428B9F136C}: NameServer = 209.204.64.2 209.204.64.3


----------



## Flrman1 (Jul 26, 2002)

Some of the files we are going to delete may be hidden files so click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O2 - BHO: (no name) - {7EC506C2-4AEE-77B9-FCAE-DDAE7D043CAF} - C:\WINDOWS\system32\ouxssoci.dll

O2 - BHO: (no name) - {DDBE63F9-DEBD-5CEE-60C9-52E7CABD68AF} - C:\WINDOWS\system32\yufzbgsv.dll

O2 - BHO: (no name) - {FBCB2EF3-9242-B798-9ADF-D47BC0A32308} - C:\WINDOWS\system32\bywgrjbq.dll

O2 - BHO: (no name) - {FDACE07C-1BCA-C3E6-BCE6-CA8C9ECDBA6D} - C:\WINDOWS\system32\ktfrkfgf.dll

O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [rgffagyw] C:\WINDOWS\apqhgdsb.exe

O4 - HKLM\..\Run: [zthxcfme] C:\WINDOWS\cawkfydq.exe

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\wsxrhucy.exe

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

Restart to safe mode and delete:

The C:\WINDOWS\System32\wsxrhucy.exe file
The C:\WINDOWS\cawkfydq.exe file
The C:\WINDOWS\apqhgdsb.exe file
The C:\WINDOWS\System32\P2P Networking folder

How to start your computer in safe mode.


----------
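The comparison a helper makes by eye between the two HijackThis logs in this thread, written out as an added example (not part of any post above and not HijackThis's own logic): it parses O2 (BHO) and O4 (Run) lines, diffs the scans, and flags the two patterns that recur in the fix list. The function names and the two flag rules are assumptions made for illustration; the sample lines are a short excerpt of the logs posted above.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any host OS

# Constructed sample: a few O2/O4 lines excerpted from the two scans in this thread.
SCAN_1 = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7EC506C2-4AEE-77B9-FCAE-DDAE7D043CAF} - C:\WINDOWS\system32\ouxssoci.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\msbb.exe
O4 - HKLM\..\Run: [rgffagyw] C:\WINDOWS\apqhgdsb.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\rpctbpso.exe
"""
SCAN_2 = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7EC506C2-4AEE-77B9-FCAE-DDAE7D043CAF} - C:\WINDOWS\system32\ouxssoci.dll
O2 - BHO: (no name) - {DDBE63F9-DEBD-5CEE-60C9-52E7CABD68AF} - C:\WINDOWS\system32\yufzbgsv.dll
O4 - HKLM\..\Run: [rgffagyw] C:\WINDOWS\apqhgdsb.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\wsxrhucy.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
"""

BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.*)$")
SYSTEM32 = normcase(r"C:\WINDOWS\system32")


def parse(log):
    """Map a stable identity (BHO CLSID, or Run key + value name) to its details."""
    entries = {}
    for line in log.splitlines():
        line = line.strip()
        if m := BHO.match(line):
            name, clsid, path = m.groups()
            entries[("O2", clsid.upper())] = {"name": name, "target": path}
        elif m := RUN.match(line):
            key, name, cmd = m.groups()
            entries[("O4", key, name)] = {"name": name, "target": cmd}
    return entries


def diff(before, after):
    """Classify entries as removed, persisted, changed (same identity, new target) or added."""
    out = {"removed": [], "persisted": [], "changed": [], "added": []}
    for key, entry in before.items():
        if key not in after:
            out["removed"].append(key)
        elif normcase(after[key]["target"]) == normcase(entry["target"]):
            out["persisted"].append(key)
        else:
            out["changed"].append(key)
    out["added"] = [key for key in after if key not in before]
    return out


def flags(entries):
    """Illustrative rules only: the two patterns that recur in this thread's fix list."""
    hits = []
    for key, entry in entries.items():
        in_system32 = normcase(dirname(entry["target"])) == SYSTEM32
        if key[0] == "O2" and entry["name"] == "(no name)" and in_system32:
            hits.append((key, "unnamed BHO loaded directly from system32"))
        elif key[0] == "O4" and entry["name"] == "":
            hits.append((key, "Run value with an empty name"))
    return hits


if __name__ == "__main__":
    for status, keys in diff(parse(SCAN_1), parse(SCAN_2)).items():
        print(status, keys)
    for key, reason in flags(parse(SCAN_2)):
        print("FLAG", key, reason)
```

The "changed" and "added" buckets are the ones worth reading first: a Run value whose name is unchanged but whose target file name differs between scans, or a new BHO after a cleanup pass, indicates something is still running and rewriting its own persistence.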



## KellyCL (Jan 13, 2004)

Okay I did it all ....... I am concerned that the exe files didn't have the exe extension... they are still in my recycle bin if I need to put them back.

Please let me know... after this I am tired and am going to bed.... just am afraid the files are wrong....

and I want to thank you... you really must have angel wings and you have stayed with me through this whole thing...

Bless you.


----------



## Flrman1 (Jul 26, 2002)

The reason they are not showing the file extension is that you have "Hide extensions for known file types" checked in Folder Options. Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Hide extensions for known file types" is not checked. If it is, uncheck it and you will see the .exe extension.


----------



## KellyCL (Jan 13, 2004)

Good morning... it is snowing here and cold... hope it is warmer where you are.

I am at work now... but I think I did that, but will double check when I get home. Would have tried to get into it this morning but my son went to the bus stop and came home so I spent that time finding out if his school was opening on time or late..... 

Again thanks for your help.... those files are still in my recycle bin until I am sure. Anyway, will get back into it when I get home....

About the partitions... you might think I am nuts asking this but before I found you guys and was doing the best that I could on my own... I discovered that I could find things in the 4 partitions and had to remove them too... figured they were migrating between the partitions.

Now you know just how little I know.


----------

