Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Log, Please Search


  • This topic is locked This topic is locked
4 replies to this topic

#1 dcanoli

dcanoli

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:37 PM

Posted 17 July 2004 - 12:21 AM

We're giving my Mother one of our old PCs, and I've run HJT. Here's the log. Please let me know if you see anything that can be deleted. I may not be able to get back on for a few days, but I will try! Thanks!

Logfile of HijackThis v1.98.0
Scan saved at 12:08:10 AM, on 07/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\IBMAV95\TRYICN95.EXE
C:\IBMAV95\IAVTIM95.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\4TYJYZ0T\CWSHREDDER[1].EXE
C:\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\ICD1.TMP\JINSTALL.EXE
C:\WINDOWS\TEMP\JINSTALLER142_05.EXE
C:\WINDOWS\TEMP\JAV106.TMP.EXE
C:\WINDOWS\SYSTEM\MSIEXEC.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7STLDEXY\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.terafinder.com/?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.terafinder.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soapcentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsclub.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=C:\IBMAV95\TRYICN95.EXE C:\IBMAV95\IAVTIM95.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Excite PAL] c:\Program Files\Excite PAL\pal.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O4 - HKCU\..\Run: [McAfee Instant Update Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Startup: Crystal 3D Audio Control.LNK = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O12 - Plugin for .ppz: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\npsurge.dll
O12 - Plugin for .avi: C:\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.samsclub.att.net
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://w1.country.com:6680/chat/data/html/...sie/msichat.ocx
O16 - DPF: {92F8B107-5F41-11D0-9E09-0000F64159CF} (PIDLoadCtl Class) - http://enroll-isp.prodigy.net/isp/client_c...b88/pidload.dll
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {873237C3-C440-11CF-B4B6-00A02429C7EF} (MbedControl Object) - http://www.etonline.com/ETContent/mbedctrl.cab
O16 - DPF: {C990A33E-18EE-11D1-A2CA-00C04FB953BB} (Microsoft PIDFetch Control) - http://activex.microsoft.com/controls/mscom/PidFetch.cab
O16 - DPF: {E463D5F0-1297-11D1-9134-00A024423190} (Intuit Internet Data Control) - http://classic.quicken.com/iechannel/ocx/qcomtool.ocx
O16 - DPF: {2F09FE00-B790-11D1-8157-00A0C90DD90C} (MSNBC News Browser Control 2.3) - http://www.msnbc.com/tools/newsbrowser/nb0330.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www2.coolsavings.com/download/CouponX.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/activex/contr...eb/ikcntrls.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/activex/contr...si/mcsimenu.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.msnbc.com/download/nm0713.cab
O16 - DPF: {BD1F006E-174F-11D2-95C0-00C04F9A8CFA} (SurveyCtl Class) - http://activex.microsoft.com/controls/mtswizards/Survey.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi....4.2.block2.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://dcu.egain.net/wcsapp/weblib/Javascr...g/ie/SecMgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:37 PM

Posted 17 July 2004 - 10:41 AM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.terafinder.com/?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.terafinder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.terafinder.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=C:\IBMAV95\TRYICN95.EXE C:\IBMAV95\IAVTIM95.EXE
O4 - HKCU\..\Run: [Excite PAL] c:\Program Files\Excite PAL\pal.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O13 - WWW. Prefix: http://


Reboot your computer to go back to normal mode and then do the following:


Please download VXFInder9x from :

http://www.downloads.subratam.org/VX2Finder9x.exe

This is for Windows 98*Grinler Only.


Please run this program and click on the button Click to find VX2.Betterinternet.

If any items are listed, select all the files and delete them all by clicking on the Delete these files

Then click on the User Agent$ button.

If you have the Quicklaunch toolbar, you can click on the Import Reg button.

#3 dcanoli

dcanoli
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:37 PM

Posted 23 July 2004 - 06:41 PM

Here's the new log. Let me know what you think should be taken out. Thanks! Debbie
********
Logfile of HijackThis v1.98.0
Scan saved at 1:47:15 PM, on 07/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SYMNETDRV\SNDWARN.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soapcentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.samsclub.att.net
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWARN.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .ppz: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\npsurge.dll
O12 - Plugin for .avi: C:\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.samsclub.att.net
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://w1.country.com:6680/chat/data/html/...sie/msichat.ocx
O16 - DPF: {92F8B107-5F41-11D0-9E09-0000F64159CF} (PIDLoadCtl Class) - http://enroll-isp.prodigy.net/isp/client_c...b88/pidload.dll
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {873237C3-C440-11CF-B4B6-00A02429C7EF} (MbedControl Object) - http://www.etonline.com/ETContent/mbedctrl.cab
O16 - DPF: {C990A33E-18EE-11D1-A2CA-00C04FB953BB} (Microsoft PIDFetch Control) - http://activex.microsoft.com/controls/mscom/PidFetch.cab
O16 - DPF: {E463D5F0-1297-11D1-9134-00A024423190} (Intuit Internet Data Control) - http://classic.quicken.com/iechannel/ocx/qcomtool.ocx
O16 - DPF: {2F09FE00-B790-11D1-8157-00A0C90DD90C} (MSNBC News Browser Control 2.3) - http://www.msnbc.com/tools/newsbrowser/nb0330.cab
O16 - DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} (CouponDown Class) - http://www2.coolsavings.com/download/CouponX.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/activex/contr...eb/ikcntrls.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/activex/contr...si/mcsimenu.cab
O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.msnbc.com/download/nm0713.cab
O16 - DPF: {BD1F006E-174F-11D2-95C0-00C04F9A8CFA} (SurveyCtl Class) - http://activex.microsoft.com/controls/mtswizards/Survey.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfromtheweb.com/install/iftwclix.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi....4.2.block2.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://dcu.egain.net/wcsapp/weblib/Javascr...g/ie/SecMgr.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:37 PM

Posted 24 July 2004 - 12:16 AM

Well the machine is clean now which is great. I will reccomend some items to remove that will free up some resources.

Fix these:

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)


Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (With TeaTimer)

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad i was able to help.

#5 dcanoli

dcanoli
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:37 PM

Posted 25 July 2004 - 08:00 PM

GREAT! Thanks! I had already done Windows Update (talk about long on a P2/Dial-Up), Spybot, and Ad-Aware, along with HJT.

Now, I'm hoping that your suggestions for speeding this machine up will make a NOTICEABLE difference! :thumbsup:

Thanks again!

Debbie




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users