#1 |
|
Member (1 bit)
Join Date: May 2005
Posts: 1
|
Pleeeeease Help Me!!!!!!!!!!
Can someone please help me???
I cannot even connect to the internet with my son's computer because if I do...within 1 minute I will have 90-100 pop-ups open. I also notice that when I start up, there are 2 mysterious programs running..."Bman" and "Bman1". Here is a Hijack This log. Thanks in advance to anyone willing to help me!
#2 |
|
Member (11 bit)
Join Date: Dec 2001
Location: Shakopee MN
Posts: 1,293
|
Welcome to PC Mech,

I'd start by following the advice here: http://forum.pcmech.com/showthread.php?t=103171

Quite frankly, you have two options here: 1) back up any documents and, as they say, "nuke and pave" the hard drive - meaning that you wipe all files and reinstall the operating system and the programs that you do want, install a firewall and anti-virus program, then hook up to the internet, or 2) try to fix everything with the knowledge that there is a chance that you will end up at #1 anyway.

I would at least try the suggestions in the first link and then repost a new HijackThis log to see how far we have come.

Random googling of items at the end of the lines yielded the items below.

farmmext.exe = http://www.liutilities.com/products/...rary/farmmext/
BMan1.exe = http://www.bleepingcomputer.com/star....exe-8069.html
VirtualBouncer.exe = http://sarc.com/avcenter/venc/data/a...albouncer.html
__________________
Never Argue With An Idiot. They'll Drag You Down To Their Level And Then Beat You With Experience. |
#3 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,186
|
Please do not post HijackThis logs without reading the above-referenced thread in its entirety; that is why it's a "sticky" in this forum. All forums that analyze HJT logs have similar requirements.
- Moderator - |