Help! on HijackThis Log Analysis


  • This topic is locked
7 replies to this topic

#1 brelle

brelle

  • Members
  • 30 posts

Posted 29 July 2004 - 10:27 AM

Had (have?) a real nasty Hijacker on my computer. Ran the About:Buster, which deleted over 600 bits, then did HijackThis. The log follows. Now what???? Thanks! Gene

Logfile of HijackThis v1.98.0
Scan saved at 12:42:24 AM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {9B49E3CB-0644-7E8D-7874-A5140FECDE14} - C:\WINDOWS\NETKZ.DLL (file missing)
O2 - BHO: Class - {DF6EE72D-6DA9-D49D-AEDC-B86B1D310C21} - C:\WINDOWS\IPNK32.DLL (file missing)
O2 - BHO: (no name) - Data - (no file)
O2 - BHO: Class - {75837D60-214C-18DE-CDCC-5BCE6877CB3E} - C:\WINDOWS\SYSTEM\CRPT.DLL (file missing)
O2 - BHO: Class - {82878982-61A2-6166-EC08-369D9A893FF5} - C:\WINDOWS\NTCV32.DLL (file missing)
O2 - BHO: Class - {BAC97FD6-988F-B852-8955-5E97D09318F5} - C:\WINDOWS\APPHG.DLL (file missing)
O2 - BHO: Class - {D9B868DA-B9FC-D9FA-564C-7374A22C9359} - C:\WINDOWS\NETAB32.DLL (file missing)
O2 - BHO: Class - {DD3F4634-6B0B-933F-3B7C-A0E117930844} - C:\WINDOWS\SYSTEM\IEOQ.DLL (file missing)
O2 - BHO: Class - {672812E1-44AB-BC15-24D7-785E66EE73BE} - C:\WINDOWS\NETPL32.DLL (file missing)
O2 - BHO: Class - {EB8F5697-D04E-7651-EDC8-030B538C42C1} - C:\WINDOWS\APIZT32.DLL (file missing)
O2 - BHO: Class - {A5370DC8-6636-3E59-BA9C-0AE91DC7D939} - C:\WINDOWS\SYSTEM\IEEM32.DLL (file missing)
O2 - BHO: Class - {0535D827-C720-21E5-477C-8138E19B5ADD} - C:\WINDOWS\SYSTEM\NTEO32.DLL (file missing)
O2 - BHO: Class - {CD9B6EC2-881D-8302-911A-0E16A5F4B13F} - C:\WINDOWS\CRGC32.DLL (file missing)
O2 - BHO: Class - {7CFD04ED-47B9-3C5E-2CF3-BF0500851139} - C:\WINDOWS\SYSTEM\APPWF32.DLL (file missing)
O2 - BHO: Class - {5AF4AA16-627A-6C7E-5212-A1970A71F0FB} - C:\WINDOWS\NETIG32.DLL (file missing)
O2 - BHO: Class - {A960FD01-0366-6D16-1396-60F66A7427AF} - C:\WINDOWS\SYSTEM\ATLUW32.DLL (file missing)
O2 - BHO: Class - {779FA16D-4B4C-6B34-1993-61C2FD1EBB35} - C:\WINDOWS\SYSTEM\APIEG32.DLL (file missing)
O2 - BHO: Class - {8A8E597C-0315-C237-A69E-F00DE1830090} - C:\WINDOWS\SYSTEM\SDKQB32.DLL (file missing)
O2 - BHO: Class - {C6A56CD0-7FB1-A8EC-CE4E-853678396598} - C:\WINDOWS\SYSTEM\JAVALY.DLL (file missing)
O2 - BHO: Class - {4AA2405E-1A41-394B-EF54-27B55AC5A957} - C:\WINDOWS\SYSTEM\NTDI32.DLL (file missing)
O2 - BHO: Class - {91EC19B5-6CDF-6761-17FA-77D99E5F4FFA} - C:\WINDOWS\SYSTEM\IEWQ.DLL (file missing)
O2 - BHO: Class - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\ADDSR32.DLL (file missing)
O2 - BHO: Class - {6FA3BCDE-9CB2-3DEF-6909-0B2629F9CE74} - C:\WINDOWS\MSLK32.DLL (file missing)
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\SYSKB32.DLL (file missing)
O2 - BHO: Class - {D7678742-1EE5-AA6F-3DE1-B66012716EE2} - C:\WINDOWS\SYSTEM\D3SS.DLL (file missing)
O2 - BHO: Class - {0061A6A3-22A7-89C0-EBA9-4070623258CA} - C:\WINDOWS\SYSTEM\ATLPO32.DLL (file missing)
O2 - BHO: Class - {68DEE458-C434-7DFA-9793-DFC94F3C9C3B} - C:\WINDOWS\APPXI32.DLL (file missing)
O2 - BHO: Class - {04374E10-67DF-4CE7-3AC4-3D2A955C50E3} - C:\WINDOWS\NETNX.DLL (file missing)
O2 - BHO: Class - {8F30B32A-F793-7B48-2B17-6EB4E169E8EB} - C:\WINDOWS\SDKHQ32.DLL (file missing)
O2 - BHO: Class - {AEE58A1B-A009-805C-7C54-38D330117711} - C:\WINDOWS\SYSTEM\MSAN32.DLL (file missing)
O2 - BHO: Class - {F8E57CD0-D3F0-4B06-AB7A-BE3C5BABE180} - C:\WINDOWS\SYSTEM\APPMX32.DLL (file missing)
O2 - BHO: Class - {3500DC94-C0FD-7A59-32CD-06861C388D23} - C:\WINDOWS\CRFI.DLL (file missing)
O2 - BHO: Class - {02C904F6-166A-1EE8-F4A4-704FCAC088F5} - C:\WINDOWS\SYSTEM\D3TL32.DLL (file missing)
O2 - BHO: Class - {52FC6CF6-B6EF-E8BC-7A02-C68DF6D6318D} - C:\WINDOWS\SYSTEM\WINLL32.DLL (file missing)
O2 - BHO: Class - {0B910E65-4CD0-713C-7AEC-596165F29413} - C:\WINDOWS\IEKY.DLL (file missing)
O2 - BHO: Class - {D60F8AE6-EE48-9A9D-7E98-BF44A8A19709} - C:\WINDOWS\SYSTEM\JAVAVJ.DLL (file missing)
O2 - BHO: Class - {7FF2353E-A005-88D1-9A8F-F3F164543390} - C:\WINDOWS\SYSTEM\ADDAI32.DLL (file missing)
O2 - BHO: Class - {E0B2881F-BEE8-B54E-5DFC-37FEF2851A76} - C:\WINDOWS\MSRQ32.DLL (file missing)
O2 - BHO: Class - {5E6F0B4C-D07F-936C-E370-EBAD3FFABD30} - C:\WINDOWS\ADDGE.DLL (file missing)
O2 - BHO: Class - {FD93A6CA-5B7B-199D-F228-FCAC0ADAFD02} - C:\WINDOWS\MFCMU32.DLL (file missing)
O2 - BHO: Class - {0591DEAC-0877-0708-40E0-8A6CF49D6A25} - C:\WINDOWS\APIZR.DLL (file missing)
O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\WINAQ32.DLL (file missing)
O2 - BHO: Class - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - C:\WINDOWS\JAVAQY32.DLL (file missing)
O2 - BHO: Class - {B536BEF0-D571-57E6-EAE6-33E630A9AC70} - C:\WINDOWS\SYSTEM\CRWI.DLL (file missing)
O2 - BHO: Class - {D56772D5-4787-FEC2-2F9F-D3396F635202} - C:\WINDOWS\JAVACK32.DLL (file missing)
O2 - BHO: Class - {DE90591F-6A8D-86DE-D1A5-404BF5DCEC40} - C:\WINDOWS\SYSTEM\APIMW32.DLL (file missing)
O2 - BHO: Class - {78794F02-430B-8A38-72A8-5935AC772E23} - C:\WINDOWS\WINJJ32.DLL (file missing)
O2 - BHO: Class - {85F3E634-BC0A-8323-0375-D5743546E873} - C:\WINDOWS\SYSTEM\ATLME.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Class - {F532CB86-9877-DA37-07D8-F1A13A3DBEF2} - C:\WINDOWS\SYSTEM\IESG.DLL (file missing)
O2 - BHO: Class - {88D4DC00-8316-4C96-7C3D-67DE0558A395} - C:\WINDOWS\APICC32.DLL (file missing)
O2 - BHO: Class - {EE743367-DD25-7646-8789-0FEEC66B36C0} - C:\WINDOWS\IPVD.DLL (file missing)
O2 - BHO: Class - {787633EB-8F9E-66A4-0026-A3987933DF9F} - C:\WINDOWS\D3LI.DLL (file missing)
O2 - BHO: Class - {A2160648-21EE-FA39-478B-909F5E5964DA} - C:\WINDOWS\SYSTEM\SYSBS.DLL (file missing)
O2 - BHO: Class - {D9E403FE-9154-878A-7820-16B2AF6C9AEE} - C:\WINDOWS\IPQJ.DLL (file missing)
O2 - BHO: Class - {3930AD0E-407E-0742-7BAA-CE5F22867714} - C:\WINDOWS\SYSTEM\ADDKG32.DLL (file missing)
O2 - BHO: Class - {881BB225-84CF-BE39-E313-C5E95E934915} - C:\WINDOWS\CRBQ.DLL (file missing)
O2 - BHO: Class - {45BE5D9D-A13A-9FA6-68C3-7E04D9D89E5B} - C:\WINDOWS\NTUS32.DLL (file missing)
O2 - BHO: Class - {02FE9119-27B9-A930-4A86-6345404338A2} - C:\WINDOWS\SYSTEM\WINEU32.DLL (file missing)
O2 - BHO: Class - {E3C5B762-0DC9-646F-ECDC-E74618D26264} - C:\WINDOWS\SYSTEM\MSRC32.DLL (file missing)
O2 - BHO: Class - {0AA18C7E-ED9D-7C42-742E-B55F1BCF4868} - C:\WINDOWS\SYSTEM\CRQB.DLL (file missing)
O2 - BHO: Class - {A3A23120-7EE4-B1BE-8BCD-755877155DD7} - C:\WINDOWS\APPXA32.DLL (file missing)
O2 - BHO: Class - {847AFA97-3661-C89D-4131-9055BB86B29F} - C:\WINDOWS\SYSTEM\ATLVE32.DLL (file missing)
O2 - BHO: Class - {35B9CD02-3A45-5C14-BE35-2D79309FA460} - C:\WINDOWS\SYSTEM\SYSOB32.DLL (file missing)
O2 - BHO: Class - {7E7E564B-AB87-9CE8-1B6D-B588C2C0D77D} - C:\WINDOWS\SYSTEM\JAVALZ.DLL (file missing)
O2 - BHO: Class - {65987126-98A1-4B3E-486F-57E4F99A69FD} - C:\WINDOWS\SYSHF.DLL (file missing)
O2 - BHO: Class - {B8479EF9-B1E8-8A74-4CBC-D8346C874FEC} - C:\WINDOWS\SYSTEM\NETSE.DLL (file missing)
O2 - BHO: Class - {341ECD9C-5875-0964-B27A-CC58741232B2} - C:\WINDOWS\SYSTEM\APIYP.DLL (file missing)
O2 - BHO: Class - {5169D876-4C97-5087-3456-0DCBB0716BC9} - C:\WINDOWS\IEYA32.DLL (file missing)
O2 - BHO: Class - {E8F9F03A-BE22-03A0-0932-A5CF0D6CA011} - C:\WINDOWS\JAVAHD.DLL (file missing)
O2 - BHO: Class - {E368E7FC-CE74-4D23-5DB2-FA9C07C0A707} - C:\WINDOWS\SYSTEM\ADDVK32.DLL (file missing)
O2 - BHO: Class - {623681C6-D10D-ABBD-8FA7-3A3E60CC0B9B} - C:\WINDOWS\SYSTEM\NETOG.DLL (file missing)
O2 - BHO: Class - {3804F78A-088D-A205-618F-0B63DFE0A978} - C:\WINDOWS\IELQ.DLL (file missing)
O2 - BHO: Class - {2C18F803-BD24-9967-E949-DCEA19881D1A} - C:\WINDOWS\SYSTEM\NTJI.DLL (file missing)
O2 - BHO: Class - {66D4E389-181B-8B2A-A745-30CF47940533} - C:\WINDOWS\ATLZE.DLL (file missing)
O2 - BHO: Class - {DA5FC41F-0DCA-EDB4-61EC-B4FBA3963E4D} - C:\WINDOWS\SYSTEM\JAVARQ.DLL (file missing)
O2 - BHO: Class - {18EC5DC5-B985-C0FF-DB09-97D6A2005DD1} - C:\WINDOWS\SYSTEM\NETSC.DLL (file missing)
O2 - BHO: Class - {FC1E5A00-A475-6F23-C75B-AF391DF9A652} - C:\WINDOWS\SYSTEM\NETMP32.DLL (file missing)
O2 - BHO: Class - {FA7654F6-15DD-5653-07F3-85077C22D520} - C:\WINDOWS\SYSTEM\APPYZ.DLL (file missing)
O2 - BHO: Class - {90B46B07-282D-8DDE-D296-452CDBB0603B} - C:\WINDOWS\APIMP32.DLL (file missing)
O2 - BHO: Class - {F601318D-D7AF-5E93-FC5B-02C0A95719F0} - C:\WINDOWS\APICT32.DLL (file missing)
O2 - BHO: Class - {4CBB035F-C737-C9AB-F3E4-D29F66B1BA99} - C:\WINDOWS\SYSTEM\WINZA.DLL (file missing)
O2 - BHO: Class - {A9899399-7308-4C1A-F3B7-762295ABD727} - C:\WINDOWS\SYSTEM\ADDGE32.DLL (file missing)
O2 - BHO: Class - {82EF11BA-AF0F-7E93-124D-291F18B9DCDC} - C:\WINDOWS\SYSTEM\NTSA.DLL (file missing)
O2 - BHO: Class - {D9F33EB6-A962-32E6-2818-F02CD338BC89} - C:\WINDOWS\SYSTEM\APIIP.DLL (file missing)
O2 - BHO: Class - {BCC69D76-BB4D-7342-740E-CA30F194CC52} - C:\WINDOWS\SYSTEM\WINZF.DLL (file missing)
O2 - BHO: Class - {4D455E2B-4453-A699-9944-94CABA9AA175} - C:\WINDOWS\SYSTEM\SYSDU.DLL (file missing)
O2 - BHO: Class - {8BF82F75-FF52-9F73-FA54-A6C7D6EE2A70} - C:\WINDOWS\SYSTEM\JAVAJX.DLL (file missing)
O2 - BHO: Class - {0DB1BB03-61F5-1A6A-6BFF-D00AEDED7403} - C:\WINDOWS\SYSTEM\JAVAKR32.DLL (file missing)
O2 - BHO: Class - {89E43E4E-2848-B42A-0ADB-B572F0397C37} - C:\WINDOWS\SYSTEM\MSPA.DLL (file missing)
O2 - BHO: Class - {9A0060D9-18DF-FA66-FC7D-02C871E9935F} - C:\WINDOWS\SYSTEM\SYSKS32.DLL (file missing)
O2 - BHO: Class - {3EC51367-FA39-1261-3090-522B4BFA5214} - C:\WINDOWS\MFCNT32.DLL (file missing)
O2 - BHO: Class - {E44B2869-3C3C-2E0D-FE6F-F5D9CE7E35FE} - C:\WINDOWS\APIPA.DLL (file missing)
O2 - BHO: Class - {2E060147-D980-CDD2-64D5-AD18C7E395DE} - C:\WINDOWS\MFCHJ32.DLL (file missing)
O2 - BHO: Class - {89DCAFEA-12F9-FCBF-A3A5-8521F3A0D84A} - C:\WINDOWS\SYSTEM\APIOK32.DLL (file missing)
O2 - BHO: Class - {AD979EF0-4E2D-0151-5E87-CC0ABDB1DFA2} - C:\WINDOWS\SDKIO32.DLL (file missing)
O2 - BHO: Class - {A120958D-F84C-264B-6825-A0E9618F69B2} - C:\WINDOWS\SYSTEM\ATLTP.DLL (file missing)
O2 - BHO: Class - {A263007C-D0C9-5EB7-16EE-A0E13C5D8C42} - C:\WINDOWS\SYSOA.DLL (file missing)
O2 - BHO: Class - {9B7FF2FB-F800-5594-D274-1F27F041B9D6} - C:\WINDOWS\D3WE32.DLL (file missing)
O2 - BHO: Class - {D1925125-6350-05C5-9A71-85A9722D9F11} - C:\WINDOWS\SYSTEM\ADDOX32.DLL (file missing)
O2 - BHO: Class - {D06461BA-7139-C7D8-21C4-CDA52D19B793} - C:\WINDOWS\JAVACC.DLL (file missing)
O2 - BHO: Class - {4CC7119A-4ABC-8D35-FD7C-F27B7C371F4F} - C:\WINDOWS\IPNK32.DLL (file missing)
O2 - BHO: Class - {31BD4CC0-8A43-4C5C-742B-7C3EC153BB65} - C:\WINDOWS\MSIQ32.DLL (file missing)
O2 - BHO: Class - {EE36A520-0FBE-2BF8-A992-B2A97DB560E2} - C:\WINDOWS\SYSTEM\NTND32.DLL (file missing)
O2 - BHO: Class - {AF1A50FE-E680-CFBC-B008-D199646EBAC8} - C:\WINDOWS\SYSTEM\IEOW32.DLL (file missing)
O2 - BHO: Class - {E5B2258B-C2E2-484B-3C3D-6EF01DA47958} - C:\WINDOWS\SYSTEM\D3GJ32.DLL (file missing)
O2 - BHO: Class - {6F450786-4787-A44D-CDD4-0CE738C6A513} - C:\WINDOWS\SYSTEM\ADDZN32.DLL (file missing)
O2 - BHO: Class - {DF83D71D-7E3C-905C-49E6-8B0B8142868F} - C:\WINDOWS\NTQW32.DLL (file missing)
O2 - BHO: Class - {FEAF00B8-398A-9E71-81CD-EE13C80FA3DF} - C:\WINDOWS\SYSTEM\NETND.DLL (file missing)
O2 - BHO: Class - {EAFF0E33-ECC0-B81A-F317-64A41D7A8BCF} - C:\WINDOWS\SYSTEM\CRIB.DLL (file missing)
O2 - BHO: Class - {96238F7D-6165-13E6-0307-788481765169} - C:\WINDOWS\ATLJF.DLL (file missing)
O2 - BHO: Class - {3C6CC679-D791-5088-7B82-255DDF6E905A} - C:\WINDOWS\MSLU.DLL (file missing)
O2 - BHO: Class - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - C:\WINDOWS\SDKGC32.DLL (file missing)
O2 - BHO: Class - {9A9877C0-6D02-0C15-9A68-C4339C3C410C} - C:\WINDOWS\SYSTEM\JAVAPE.DLL (file missing)
O2 - BHO: Class - {2658BE12-2F6C-70F3-C8EB-4B30D734547B} - C:\WINDOWS\SYSTEM\APIWF32.DLL (file missing)
O2 - BHO: Class - {8C8B817E-6EC4-6536-FC41-321F4B4E6728} - C:\WINDOWS\SYSTEM\ATLDI32.DLL (file missing)
O2 - BHO: Class - {9D569FE3-EAE9-EB55-43F3-35152C62254F} - C:\WINDOWS\SYSTEM\NTMW32.DLL (file missing)
O2 - BHO: Class - {76551A46-3CFF-6B1B-D3B8-FBF43EA1977B} - C:\WINDOWS\SYSLC.DLL (file missing)
O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKOG.DLL (file missing)
O2 - BHO: Class - {66B2F006-8D10-B63E-B2AB-28BE00E949E9} - C:\WINDOWS\JAVAST32.DLL (file missing)
O2 - BHO: Class - {3DCC181A-7DEF-24B0-6C35-70B9122CAEAB} - C:\WINDOWS\SYSEV32.DLL (file missing)
O2 - BHO: Class - {7E2DCDE2-55C3-D916-E669-679D4796347A} - C:\WINDOWS\SYSTEM\APPYO.DLL (file missing)
O2 - BHO: Class - {2AB80E5C-C6A3-016D-788D-E1F289A65E42} - C:\WINDOWS\WINAG32.DLL (file missing)
O2 - BHO: Class - {DA0C5E43-A4CE-924A-F49C-0F19883F2264} - C:\WINDOWS\SYSTEM\MSIR.DLL (file missing)
O2 - BHO: Class - {6EDA4012-21DE-9B32-1681-78BB1C9B5523} - C:\WINDOWS\SYSTEM\SYSEN32.DLL (file missing)
O2 - BHO: Class - {D8F31A52-4A98-397B-48A7-1CA3B87C457E} - C:\WINDOWS\SDKAN32.DLL (file missing)
O2 - BHO: Class - {C0557ABE-4F97-5EAD-D823-C94B13E646DE} - C:\WINDOWS\D3KT32.DLL (file missing)
O2 - BHO: Class - {D4CEAE5B-2A69-4AA5-CFC7-D52036D3AEC2} - C:\WINDOWS\APIAE.DLL (file missing)
O2 - BHO: Class - {124F8315-D477-68C3-1520-1C94CDC7169A} - C:\WINDOWS\SYSTEM\JAVAEP.DLL (file missing)
O2 - BHO: (no name) - {95AF3B47-9A97-1448-FCD1-36810433BB33} - (no file)
O2 - BHO: Class - {EB4C24C6-8760-33E9-55DD-EF05BB597CB7} - C:\WINDOWS\SYSTEM\CREQ32.DLL (file missing)
O2 - BHO: Class - {306F43F2-AC75-DC0C-F9B5-7FEDDF51F24D} - C:\WINDOWS\SYSTEM\CRMP32.DLL (file missing)
O2 - BHO: Class - {04E2C1A6-0092-4EE5-6B01-9093803A232F} - C:\WINDOWS\JAVAFG32.DLL (file missing)
O2 - BHO: Class - {0B350836-DC95-7F57-B655-743E5D01E33B} - C:\WINDOWS\SYSTEM\SYSEN32.DLL (file missing)
O2 - BHO: Class - {22819E8A-21AF-816A-EA17-D5991C3AE32D} - C:\WINDOWS\SYSTEM\MFCQL.DLL (file missing)
O2 - BHO: Class - {55BB1C72-35FF-4882-7685-FF7BB31538C8} - C:\WINDOWS\NETYB32.DLL (file missing)
O2 - BHO: Class - {D757C266-5087-B9EF-B128-EDF9DA763B6F} - C:\WINDOWS\ATLRC.DLL (file missing)
O2 - BHO: Class - {70BB8727-300B-1A42-4786-61E94EB4FBA5} - C:\WINDOWS\NETSC32.DLL (file missing)
O2 - BHO: Class - {D2326569-8E56-AEAC-EAEE-4BFFB28324BC} - C:\WINDOWS\SYSTEM\MSXB32.DLL (file missing)
O2 - BHO: Class - {3DD347CE-4F98-7E6A-4265-910F29341EB6} - C:\WINDOWS\SYSTEM\NETNZ32.DLL (file missing)
O2 - BHO: Class - {1895564A-E7B0-8B1E-2F35-16CB6EB249F0} - C:\WINDOWS\NTTL.DLL (file missing)
O2 - BHO: Class - {98393DA7-2D9D-DE16-5448-1757B1A0791F} - C:\WINDOWS\SYSTEM\SYSJO32.DLL (file missing)
O2 - BHO: Class - {713BB4D3-0B7C-1D3D-8240-26C661FA80FC} - C:\WINDOWS\IPOP32.DLL (file missing)
O2 - BHO: Class - {337E3897-DE2F-0288-F235-DF9E68486F78} - C:\WINDOWS\SYSTEM\IEHZ32.DLL (file missing)
O2 - BHO: Class - {74623DA5-2ABA-23E1-C89A-3C398499CF48} - C:\WINDOWS\SYSTEM\NTGV32.DLL (file missing)
O2 - BHO: Class - {2CC16CBF-57CB-425A-907D-ABE18223FE62} - C:\WINDOWS\MFCUB32.DLL (file missing)
O2 - BHO: Class - {FBC7D80C-C17A-896F-1A0F-9292CE6726F7} - C:\WINDOWS\D3HQ32.DLL (file missing)
O2 - BHO: (no name) - {08736D47-A3C8-226F-519D-E7C2EDCAB7AF} - (no file)
O2 - BHO: Class - {4258D559-087A-EE36-D79D-AE4B09661C77} - C:\WINDOWS\WINNU.DLL (file missing)
O2 - BHO: Class - {DDAA2D52-24BF-4F9A-DE0A-A77E2CC8EDA1} - C:\WINDOWS\SYSJW.DLL (file missing)
O2 - BHO: Class - {3F18E16D-F794-AD29-32FD-2AA0E587716B} - C:\WINDOWS\JAVAJJ32.DLL (file missing)
O2 - BHO: Class - {3DFCA49D-F1A6-3B88-4195-EF291DD3D11A} - C:\WINDOWS\SYSTEM\ADDCW.DLL (file missing)
O2 - BHO: Class - {F52ECDA2-BC00-81CA-C988-7D827C4883F6} - C:\WINDOWS\SYSTEM\ADDEO32.DLL (file missing)
O2 - BHO: Class - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - C:\WINDOWS\SDKMQ32.DLL (file missing)
O2 - BHO: Class - {4EF0D9F9-63B6-2367-B60D-ED50906569B1} - C:\WINDOWS\ATLVN32.DLL (file missing)
O2 - BHO: (no name) - {C06E9293-E087-04C9-F3FF-87898452B262} - (no file)
O2 - BHO: Class - {0F8C2FF8-B84B-1234-32EF-FBA2FFCC592C} - C:\WINDOWS\APIID.DLL (file missing)
O2 - BHO: Class - {FE572F72-6A9B-CF6C-D339-E410066102D6} - C:\WINDOWS\SYSTEM\MFCEQ32.DLL (file missing)
O2 - BHO: Class - {A0169602-27A9-A41C-9A71-BA75927C0C93} - C:\WINDOWS\SYSTEM\JAVAJA.DLL (file missing)
O2 - BHO: Class - {5242783B-C899-0837-6B33-301241F22BF9} - C:\WINDOWS\SYSTEM\NETFI32.DLL (file missing)
O2 - BHO: Class - {D17D6025-42DC-4907-FF78-B309FD1C14B2} - C:\WINDOWS\SYSTEM\IPMM.DLL (file missing)
O2 - BHO: Class - {2AC970B7-9D60-15AA-747F-18EE664D61F5} - C:\WINDOWS\SYSTEM\NTMC32.DLL (file missing)
O2 - BHO: Class - {5CFB80B4-0B29-6536-3F47-E58A7631A756} - C:\WINDOWS\SYSTEM\MFCBI.DLL (file missing)
O2 - BHO: Class - {03447597-2072-30AA-1960-A7E155CE5AC6} - C:\WINDOWS\NETAG.DLL (file missing)
O2 - BHO: Class - {60EE3993-541E-55E9-33E9-BB7AB0AC2EF3} - C:\WINDOWS\SYSTEM\APPLW.DLL (file missing)
O2 - BHO: Class - {652D794B-763F-83DD-FAFE-5ACFEB85DA45} - C:\WINDOWS\SYSTEM\SYSWE32.DLL (file missing)
O2 - BHO: Class - {1D369A00-A199-608E-341F-9B61BFC8C5AF} - C:\WINDOWS\SYSTEM\SYSSG32.DLL (file missing)
O2 - BHO: Class - {2DC1CC8E-DA42-4D83-4911-CAF35207C15A} - C:\WINDOWS\IPCR32.DLL (file missing)
O2 - BHO: Class - {2DB2B4D5-50F2-B854-35AD-B1004EF4A759} - C:\WINDOWS\MFCNE32.DLL (file missing)
O2 - BHO: Class - {4B1F3EA0-0E74-2147-A710-4BF8DD007B95} - C:\WINDOWS\SYSTEM\MFCSO.DLL (file missing)
O2 - BHO: Class - {7D74E142-84B2-4B86-BFEE-029366CABB58} - C:\WINDOWS\SYSTEM\SDKTJ.DLL (file missing)
O2 - BHO: Class - {1F2866A1-B3DE-97B8-4F2D-4A3C69C0ADD2} - C:\WINDOWS\ATLWG32.DLL (file missing)
O2 - BHO: Class - {4C97FF57-707D-49B6-2CBA-7996791E6202} - C:\WINDOWS\NETDT32.DLL (file missing)
O2 - BHO: Class - {96350BAB-2119-CC17-5DD2-AB7866BC89E7} - C:\WINDOWS\SYSTEM\CRZD.DLL (file missing)
O2 - BHO: Class - {5AC69FF5-1DF8-FCEA-F8E7-A23084881BB1} - C:\WINDOWS\D3XJ.DLL (file missing)
O2 - BHO: Class - {52D8DFA5-67AF-B1FB-ED83-C37F97F0E2CB} - C:\WINDOWS\SYSTEM\JAVALD.DLL (file missing)
O2 - BHO: Class - {2284453A-6D78-BE4F-6C59-8D255DBFA2FB} - C:\WINDOWS\SYSTEM\CRST.DLL (file missing)
O2 - BHO: Class - {6529E313-464B-2869-AB7A-C0AE8A16A394} - C:\WINDOWS\SYSTEM\IPMY.DLL (file missing)
O2 - BHO: Class - {6325A30D-FCBA-32D6-035E-CF46D58D2254} - C:\WINDOWS\SYSTEM\MFCAS32.DLL (file missing)
O2 - BHO: Class - {B0565FD1-8F59-3366-9F07-18E96603464E} - C:\WINDOWS\APIHU32.DLL (file missing)
O2 - BHO: Class - {F0D5238F-0367-117E-1547-A66D3516C727} - C:\WINDOWS\SYSTEM\JAVATP32.DLL (file missing)
O2 - BHO: Class - {FB1FF3C6-0115-2FD6-315D-8C97AEC3A3E5} - C:\WINDOWS\APPRY.DLL (file missing)
O2 - BHO: (no name) - {557F0FF3-77D9-75B6-58BE-2541EA3F2F8F} - (no file)
O2 - BHO: Class - {38BFA183-9FD7-E29A-2FB0-12ECF5430C69} - C:\WINDOWS\D3NU.DLL (file missing)
O2 - BHO: Class - {73D5A469-1C3D-FC66-B498-A7EE07DA81B0} - C:\WINDOWS\SYSTEM\MSLZ.DLL (file missing)
O2 - BHO: Class - {D57FDEDB-A0FE-C94E-E5AF-7B88E58BEFED} - C:\WINDOWS\SYSTEM\CRJL.DLL (file missing)
O2 - BHO: Class - {EAF1C668-38A7-44A6-F1D3-314823745712} - C:\WINDOWS\SYSTEM\NTVE.DLL (file missing)
O2 - BHO: Class - {6557D814-89DB-DA16-9B4C-C38A0E1F23F2} - C:\WINDOWS\SYSTEM\MFCOQ32.DLL (file missing)
O2 - BHO: Class - {DD6986A6-F6F5-B1A1-66D4-27153C5F2717} - C:\WINDOWS\SYSTEM\IPQB.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AudioCOMMANDER] C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE /tray
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~2\CommCtr.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 29 July 2004 - 12:20 PM

Gene, fix with HijackThis all the O2's that say (file missing) and then post a new log.

#3 brelle

Posted 29 July 2004 - 03:53 PM

Thanks. Did that and here is my new log. Now what?? :thumbsup:

Logfile of HijackThis v1.98.0
Scan saved at 4:51:44 PM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actorsfcu.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - Data - (no file)
O2 - BHO: (no name) - {95AF3B47-9A97-1448-FCD1-36810433BB33} - (no file)
O2 - BHO: (no name) - {08736D47-A3C8-226F-519D-E7C2EDCAB7AF} - (no file)
O2 - BHO: (no name) - {C06E9293-E087-04C9-F3FF-87898452B262} - (no file)
O2 - BHO: (no name) - {557F0FF3-77D9-75B6-58BE-2541EA3F2F8F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AudioCOMMANDER] C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE /tray
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~2\CommCtr.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 29 July 2004 - 04:07 PM

Fix these:

O2 - BHO: (no name) - Data - (no file)
O2 - BHO: (no name) - {95AF3B47-9A97-1448-FCD1-36810433BB33} - (no file)
O2 - BHO: (no name) - {08736D47-A3C8-226F-519D-E7C2EDCAB7AF} - (no file)
O2 - BHO: (no name) - {C06E9293-E087-04C9-F3FF-87898452B262} - (no file)
O2 - BHO: (no name) - {557F0FF3-77D9-75B6-58BE-2541EA3F2F8F} - (no file)

Reboot and post a last log.

#5 brelle

brelle
  • Topic Starter


Posted 29 July 2004 - 04:14 PM

Thanks again. Will do another 'fix'. In the meantime, I had read somewhere else that you should show Hidden Files when running these logs. I did so after running the previous one and this is what I came up with. I will now do that last fix you suggested and post it pronto. Thanks again!!

Logfile of HijackThis v1.98.0
Scan saved at 5:04:47 PM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actorsfcu.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - Data - (no file)
O2 - BHO: (no name) - {95AF3B47-9A97-1448-FCD1-36810433BB33} - (no file)
O2 - BHO: (no name) - {08736D47-A3C8-226F-519D-E7C2EDCAB7AF} - (no file)
O2 - BHO: (no name) - {C06E9293-E087-04C9-F3FF-87898452B262} - (no file)
O2 - BHO: (no name) - {557F0FF3-77D9-75B6-58BE-2541EA3F2F8F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AudioCOMMANDER] C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE /tray
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~2\CommCtr.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#6 brelle

brelle
  • Topic Starter


Posted 29 July 2004 - 04:21 PM

OK, the last log you suggested (with hidden files):

Logfile of HijackThis v1.98.0
Scan saved at 5:18:02 PM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actorsfcu.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.actorsfcu.net/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AudioCOMMANDER] C:\PROGRAM FILES\ANDREA\AUDIOCOMMANDER\PROGRAM\AUDIOC.EXE /tray
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~2\CommCtr.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .DImg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 29 July 2004 - 04:53 PM

Clean as can be...great job!!!

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (with TeaTimer).

Tutorials and download locations for each program can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad I was able to help.
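The check that posts #4 to #7 carry out by eye, as an added example that is not part of the original thread: it parses HijackThis entry lines, picks out the O2 BHO entries marked "(no file)" that were listed for fixing, and confirms they are absent from the follow-up log with nothing else changed. The function names and the shortened log excerpts are this example's own.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Shortened excerpts of the logs in posts #5 (before the fix) and #6 (after).
BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - Data - (no file)
O2 - BHO: (no name) - {95AF3B47-9A97-1448-FCD1-36810433BB33} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""
AFTER = r"""R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""

def parse_entries(log):
    """Return (section, detail) per entry line; header and process lines are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def orphaned_bhos(entries):
    """O2 entries that HijackThis reports with '(no file)'."""
    found = []
    for section, detail in entries:
        parts = detail.rsplit(" - ", 2)          # name, registry key, file
        if section == "O2" and len(parts) == 3 and parts[2] == "(no file)":
            found.append({"entry": f"{section} - {detail}", "key": parts[1],
                          # a key such as "Data" is not a GUID-formatted CLSID
                          "valid_clsid": bool(CLSID.match(parts[1]))})
    return found

def verify_fix(before_log, after_log):
    """Compare two logs: were the flagged entries removed, and only those?"""
    before = {f"{s} - {d}" for s, d in parse_entries(before_log)}
    after = {f"{s} - {d}" for s, d in parse_entries(after_log)}
    targets = {b["entry"] for b in orphaned_bhos(parse_entries(before_log))}
    return {"still_present": sorted(targets & after),
            "new_entries": sorted(after - before),
            "other_removed": sorted(before - after - targets)}

if __name__ == "__main__":
    for bho in orphaned_bhos(parse_entries(BEFORE)):
        print(bho)
    print(verify_fix(BEFORE, AFTER))
```

Three empty lists from `verify_fix` correspond to the "clean" verdict in post #7; a non-empty `new_entries` list would mean something was added back between the two scans.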

#8 brelle

brelle
  • Topic Starter


Posted 29 July 2004 - 06:46 PM

:thumbsup: :flowers: :trumpet: You are BRILLIANT!!!!! I can't thank you enough, except to say I'll vote for you when you run for president.......

Gene



