ComputerForum.com
09-01-2006, 04:52 AM   #1
Silver Member
Join Date: May 2005
Posts: 117
HJT Log

Just bought this laptop, I could not believe how much crap was on it.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:11 AM, on 8/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\cisvc.exe
C:\WINNT\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WinServices.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\WinServices.exe
C:\WINNT\System32\WinServices.exe
D:\JR\HIJACK~7\HIJACK~2.EXE
C:\WINNT\System32\WinServices.exe

F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinServices] C:\WINNT\System32\WinServices.exe
O4 - HKLM\..\RunServices: [WinServices] C:\WINNT\System32\WinServices.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25EE7E11-8595-4090-8E08-0D682B9D9961}: NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE28D0B-44B9-4829-9B17-CF72DE7574E9}: NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{7670673E-14CD-472D-9A78-5166D48B0AF6}: NameServer = 85.255.113.132,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{827FD83E-EE6D-4FC8-95BD-27F84B6C4F19}: NameServer = 85.255.113.132,85.255.112.84
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\lppng90n.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\IA\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSER~1.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
dunerider5


09-01-2006, 07:35 AM   #2
banned
Join Date: Feb 2005
Posts: 1,486

Yep, you have a few nasties... download ewido here: http://www.softpedia.com/get/Antivir...ty-Suite.shtml After you download it, update the definitions and reboot into safe mode by holding down the F8 key at startup. Now run ewido and fix what it finds, save the report in a file you will remember, and copy and paste that report in this thread along with a new HijackThis log.
cell4me