Status
Not open for further replies.
1 - 14 of 14 Posts

· Registered
Joined
·
22 Posts
Discussion Starter · #1 ·
Could someone take a look at this and tell me if there is something there that shouldn't be? Have run all the recommended software but system still does not seem to be working properly. When logged on, after a bit any new address I punch into the IE address bar comes back saying "cannot find server".

Logfile of HijackThis v1.97.7
Scan saved at 1:36:14 PM, on 27/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\BCMSMMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ns.sympatico.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ns.sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ns.sympatico.ca/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrator"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC782A97-2FD9-44E1-868E-6A8C10D09285}: NameServer = 142.177.129.11 142.177.1.2

Thanks as always.

FCPO
 

· Gone but Never Forgotten
Joined
·
17,966 Posts
Hi, I don't see anything wrong in the log. You have a good number of apps guarding things....

If you have anything turned off using msconfig or similar task program, we might not be seeing everything, though.
 

· Registered
Joined
·
22 Posts
Discussion Starter · #4 ·
Byteman,

Thank you, appreciate the time. No, have nothing turned off. Is there some place I can start to understand some of the things you people look for when you see a HiJack program, or is it just a matter of reading everything as it gets posted here, i.e. experience?

Again thanks for the time.

FCPO
 

· Registered
Joined
·
9,520 Posts
We use you guys as guinea pigs :D
Just takes time and experience and learning/knowing what to use and advise.......after a while you find you are doing HijackThis logs in your sleep:)
Just spend time in the security forum and see how things work.
;)
 

· Registered
Joined
·
5,845 Posts
Hi fcpo... If you are interested in learning about interpretation of HJT logs, here are a couple of good places to start.

HJT Tutorial

HJT Tutorial 2

This site has what they call "Boot Camp" where they post sample logs for you to analyze and then experts give you feedback on how you do. You must register to participate.

Be aware this is no simple process. Aside from the fact the threat is constantly evolving, the HJT log encompasses just about everything that can go wrong on a computer's OS. Virus, spyware, hijack, trojans... you name it and HJT will generally indicate it. Some can be real subtle and difficult to pick out. There are even some intuitive aspects to interpretation. Mainly, it's just experience.

The links above do nothing more than provide the basics. Learning the ins and outs is a matter of desire and skill. This is something akin to being a medical doctor... You are in school forever.
 

· Registered
Joined
·
9,520 Posts
You will also become very sad and withdrawn in your home and social life......you will attempt to converse with people who have no idea or interest in what you're talking about and at parties or family gatherings...as you explain the fascination of yet another new CWS variant at the dinner table..... you will be as welcome as Aunt Maude and Uncle Walter's prayer and tambourine evenings.
But your friends here will think you're cool :D
 

· Registered
Joined
·
22 Posts
Discussion Starter · #9 ·
raybro,

Thanks. As I said, hate doing things without understanding why and like anything else in life, "if it's worth doing it's worth spending the time to do it right."

Will start reading. As for "boot camp" spent 36 yrs in the Canadian Navy, so "boot camp" is not new.

Again appreciate all the advice.

FCPO
 

· Registered
Joined
·
5,845 Posts
$teve... TRUE STORY. :D :D

HJT is indeed a whole different world all its own. The average user simply has NO idea what I'm talking about. I've quit talking about it in social gatherings because people were starting to think I was obsessing (maybe I was/am :D ).

The good news is when one of my friends or relatives has some kind of really weird thing happen on their computer, I'm the one they call for advice/help (that IS good, isn't it? :confused: ).

I really do get a great amount of satisfaction from helping others understand what is going on with their PCs and get them up and running again. To date I have 6 friends and relatives "Customers" (non paying, of course) that I keep their systems tweaked and tuned. My daughter calls me her "Computer Wizard". Nice to hear even if it's not true. Everything is truly relative.
 

· Registered
Joined
·
5,845 Posts
Thanks, Mark. 'preciate the thought. Mixed feelings about this one.

On the one hand, I'm glad to have made it to 65 and still have a reasonably healthy mind and body... :D

On the other hand... DAMN, I'm 65 !!!! :eek:

I'm a little amazed at the whole idea.

Reality has me losing my old HMO medical insurance and going on Medicare. :(
 

· Registered
Joined
·
5,845 Posts
Let's see 65 plus 20... That's ummm... uhhhh... YEAH 106!!! Now that I know when I'm going I can plan on going out with 5¢ in cash and all my credit cards maxed out. Sounds like a plan... :D
 