
· Registered
Joined
·
12 Posts
Discussion Starter · #1 ·
I'm on a Windows 98 system, getting all kinds of new strange pop-ups and ZoneAlarm alerts. I am not so computer savvy, was referred to this site and told to post a "hijack this" log, and ask for assistance. I am really frustrated, sure could use some help. Thanks, Steve
Logfile of HijackThis v1.99.0
Scan saved at 9:26:55 AM, on 01/19/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROANTIVIRUS\BIN\TRAY.EXE
C:\WINDOWS\SYSTEM\KALVDHI32.EXE
C:\WINDOWS\N20050308.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OEMJI\TOOLBAR\POPUPBLOCKER\OEMJIPOPUPBLOCKER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMC Computer 714-520-3188
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\PROGRAM FILES\OEMJI\TOOLBAR\OEMJISEARCH.DLL
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [errorping] C:\PROGRA~1\WIPEJO~1\fivedentfree.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [MicroAntivirus] C:\Program Files\MicroAntivirus\bin\Tray.exe --logon
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVDHI32.EXE
O4 - HKLM\..\Run: [ntechin] C:\WINDOWS\N20050308.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O12 - Plugin for .wvx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.0.25/holdem/holdem-ob-assets.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

· Registered
Joined
·
99 Posts
Welcome to TSG! :)

First off, before we go fixing items in your HijackThis log, we want to make sure that you have both AdAware and Spybot Search & Destroy installed on your computer and that you've performed thorough scans with both.

Please download Spybot Search & Destroy 1.3 at the following:
http://www.safer-networking.org/en/download/index.html

Download the file "spybotsd13" to your desktop and double-click it. Follow the setup program's installation instructions. After installation is complete, Spybot S&D will give you the option of creating a registry backup. Doing so is optional, but recommended. After the registry backup is complete, you should then select Search for Updates, and then Download All Available Updates.

To search your computer for spyware, select the Check for Problems button. After Spybot S&D has completed scanning, be sure all found items are selected and click Fix Selected Problems.

Spybot S&D releases updates on an infrequent basis. You will need to manually choose the Update option to search for new updates when you run the program. Spybot S&D should be run on a frequent basis.

Please download AdAware SE Personal Edition 1.05 at the following:
http://www.lavasoftusa.com/support/download/

Download the file "aawsepersonal" to your desktop and double-click it. Follow the setup program's installation instructions. After installation is complete, Ad-Aware should prompt you to search for updates. If you have dial-up Internet access, be sure you are connected to the Internet before selecting Connect. Click Ok and then Finish when the download is complete. Updates can also be manually downloaded from Lavasoft's Website.

When Ad-Aware has completed installation, select Scan Now and choose Perform Full System Scan. If the Search for Negligible Risk Entries option is checked, Ad-Aware will do just that: find items of interest that are not necessarily a danger to your computer. You may leave it checked or unchecked as you see fit.

Once Ad-Aware has completed scanning, select Next to see a list of all entries it has found. You must manually select all entries and then click Next. You will be prompted to remove all objects; select OK.

Ad-Aware releases new updates on an almost daily basis. You should update and run Ad-Aware frequently. If you have dial-up Internet access, you will need to be connected to the Internet before updating. To update, select Search for Updates Now from Ad-Aware's Status page. Follow the same steps you took when previously updating Ad-Aware.

After downloading and running these programs, please post a new HijackThis log.
 

· Registered
Joined
·
99 Posts
Also, if you haven't already, be sure to go to http://www.windowsupdate.com and install all critical updates, as well as looking through the recommended updates to see if any apply to programs that you use on your computer. Be sure that all updates that deal with fixing security gaps (especially in Internet Explorer) are downloaded.
 

· Registered
Joined
·
12 Posts
Discussion Starter · #4 ·
Thanks so much for the reply. I feel better already just thinking I might get somewhere.
I ran CWShredder, Spybot, and Ad-Aware in that order, restarting after each run. I did the Windows update also; here is my latest hjt log

Logfile of HijackThis v1.99.0
Scan saved at 12:14:51 PM, on 01/19/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROANTIVIRUS\BIN\TRAY.EXE
C:\WINDOWS\SYSTEM\KALVDHI32.EXE
C:\WINDOWS\N20050308.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OEMJI\TOOLBAR\POPUPBLOCKER\OEMJIPOPUPBLOCKER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMC Computer 714-520-3188
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\PROGRAM FILES\OEMJI\TOOLBAR\OEMJISEARCH.DLL
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [errorping] C:\PROGRA~1\WIPEJO~1\fivedentfree.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [MicroAntivirus] C:\Program Files\MicroAntivirus\bin\Tray.exe --logon
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVDHI32.EXE
O4 - HKLM\..\Run: [ntechin] C:\WINDOWS\N20050308.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O12 - Plugin for .wvx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.0.25/holdem/holdem-ob-assets.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

· Registered
Joined
·
99 Posts
Good. There is still obvious adware on your computer, so go ahead and place a check mark in the box next to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll

O4 - HKLM\..\Run: [errorping] C:\PROGRA~1\WIPEJO~1\fivedentfree.exe

O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

Close all open windows and browsers and then click "Fix Checked."

Now open Windows Explorer and do the following:

Click the Tools tab, then Folder Options.
Scroll down to the "Files and Folders" section.
Select "Display the contents of system folders."

Scroll down to the "Hidden Files and Folders" section.
Select "Show hidden files and folders," and then select Ok.
Uncheck "Hide file extensions for known file types."
Uncheck "Hide protected operating system files." Select Ok, and then click Apply.

Click the "Apply to all Folders" button and then close Windows Explorer.

Re-enter Windows Explorer and delete the following folders on your computer:

C:\WINDOWS\EliteToolBar
C:\PROGRA~1\WIPEJO~1
C:\Program Files\couponsandoffers

Now, in Windows Explorer, go to

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

and delete all the contents of the Temp folder.

Also, delete all the contents of the folder

C:\WINDOWS\Temp.

Open Internet Explorer and click the Tools tab and then Internet Options. Under Temporary Internet Files, click Delete Cookies and then Delete Files (make sure "Delete Offline Content" is checked).

After this is done, reboot your computer.

You may still have some problems with Elite Toolbar. So, go ahead and download and install Elite Toolbar Remover 1.0 from http://www.majorgeeks.com/download4465.html.

Reboot your computer into Safe Mode (hit F8 as the boot-up process is beginning) and run Elite Toolbar Remover in Safe Mode.

After doing so, reboot your computer normally and post another HijackThis log please. :)
 

· Registered
Joined
·
99 Posts
Sorry, forgot to mention--please delete the three folders I told you

C:\WINDOWS\EliteToolBar
C:\PROGRA~1\WIPEJO~1
C:\Program Files\couponsandoffers

in Safe Mode. You may have trouble deleting them while Windows is running normally.
If you have already deleted them and they have not reappeared, then ignore this. :)
 

· Registered
Joined
·
12 Posts
Discussion Starter · #7 ·
Thanks again, DarkLighter, for all your help... OK, so I checked all the boxes and "fixed" with hijack; a few of the 01 "hosts" refuse to be gone. It kicks out hijack with an error message. I went through Win Explorer through folder options and the instructions don't match what you asked me to do. I was able to uncheck "Hide file for known type files" but there is no box to uncheck for "hide protected operating system files", but I went ahead and applied to all folders. I re-entered Windows Explorer to delete the folders you recommended; C\WINDOWS\elitetoolbar was found and deleted, but wipejo and coupon savers I cannot locate at all. I am also unable to get to C\Documents and Settings, can't find it anywhere. I went to the Windows\temp file and deleted many files there, about 90 found, but a few refused to be deleted. I deleted cookies and temp internet files along with offline content. I went to Major Geeks and downloaded the Elite Toolbar remover and used that program with safe start and it appeared to take. The latest hjt log follows...

Logfile of HijackThis v1.99.0
Scan saved at 3:55:35 PM, on 01/19/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROANTIVIRUS\BIN\TRAY.EXE
C:\WINDOWS\N20050308.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMC Computer 714-520-3188
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [MicroAntivirus] C:\Program Files\MicroAntivirus\bin\Tray.exe --logon
O4 - HKLM\..\Run: [ntechin] C:\WINDOWS\N20050308.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O12 - Plugin for .wvx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.0.25/holdem/holdem-ob-assets.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

· Registered
Joined
·
99 Posts
Sorry about the confusing instructions! I'm using Windows XP, so a few of those didn't relate to Windows 98 SE.

Okay, go ahead and reboot your computer into Safe Mode, run HijackThis, and remove the following:

O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)

If you get another error message, please post it here.

In Safe Mode, you should be able to delete everything in C:\WINDOWS\Temp; do so now.

If you have a folder called C:\Temp, empty that as well.

Empty your recycle bin, reboot, run HijackThis and post a new log. Hopefully this will clear everything up. I'll also ask someone else to take a look at your log to ensure that you're clean.
 

· Registered
Joined
·
99 Posts
Sorry, I missed something in your HijackThis log. Please fix this as well:

O4 - HKLM\..\Run: [ntechin] C:\WINDOWS\N20050308.EXE

After doing so, reboot to Safe Mode, navigate to C:\WINDOWS and look for the file N20050308.EXE. If found, delete it.
 

· Registered
Joined
·
12 Posts
Discussion Starter · #10 ·
OK, did all I was told, but I don't know how to find the N20050308.EXE file looking in C:\Windows... Anyways, here is the latest log file... Notice the "01's" keep coming back, even after they show being gone in Safe Mode. Thanks, Steve
Logfile of HijackThis v1.99.0
Scan saved at 6:42:39 PM, on 01/19/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROANTIVIRUS\BIN\TRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMC Computer 714-520-3188
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [MicroAntivirus] C:\Program Files\MicroAntivirus\bin\Tray.exe --logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O12 - Plugin for .wvx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.0.25/holdem/holdem-ob-assets.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
 

· Registered
Joined
·
99 Posts
Go to Start, then Search, and search for N20050308.EXE. If nothing is found, then you should be clean in that area. Other than the 01 entries, your log looks clean as far as I can tell. Are you still having problems with pop-ups and such?

I've asked a moderator to take a look at your log and see what he thinks. Hopefully he'll have the time to do so soon.
 

· Registered
Joined
·
12 Posts
Discussion Starter · #12 ·
Yes, N20050308.EXE still showed during a search and I deleted it again... Three "redirected hosts" still show up on a Spybot run, and after deleting, they all come right back. Their sub line IDs are search.netscape.com, auto.search.msn.com, and ieautosearch. I believe all these relate directly to those "01"s that won't "fix" like they should. I have ZoneAlarm blocking these intrusions now and it comes up either rundll32.exe or iexplore.exe trying to launch the pop-ups... Thanks again, this is at least giving me HOPE... Steve
 

· Registered
Joined
·
99 Posts
Okay, I've done a little more research and it appears that you have a form of a host infection. These kinds of infections seem to be new and popping up commonly very recently. Unfortunately, I haven't dealt with them before. I'll see what else I can find, and hopefully someone more experienced than I can help as well.
 

· Registered
Joined
·
99 Posts
Okay, let's see if this works. Download the VX2 Cleaner plugin for AdAware at
http://majorgeeks.com/downloadget.php?id=4283&file=11&evp=34312f31f5a8511bfb7cf839b1eaff0b.

Run AdAware and click on "Add-ons." Choose "VX2 Cleaner" and then "Run Tool." After running the tool, exit out of AdAware.

Run HijackThis and fix the following entries:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

Restart your computer and see if those entries have returned.
 

· Registered
Joined
·
46,465 Posts
You have been infected by the new variant of VX2. Please download, run and post the logs from all of the following:

Click Here and download the VX2Finder9x.exe tool. Click on the VX2Finder9x.exe and then click on the Click to Find VX2.Betterinternet button. It will display the files, and User Agent string. Now click the Make Log button. It will open the log in notepad. Copy and paste that log here.

Also Click here to download DLLCompare.exe.

Save it to your desktop.

Now run DllCompare and click on the RunLocate.com button. It will scan for the hidden files. When it is finished, you will see in blue Completed the scan, Click Compare to Continue at which time you will click the Compare button.

It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.
In a few minutes it will complete then you will see in blue Completed.
Click the Make a Log of what was Found button. It will ask if you want to view the logfile. Click Yes then copy and paste that log in your next reply.

Click here to download FindIt9xME.zip. Unzip it to your desktop.

Double-click on the find.bat file and let it run. It may take as long as ten minutes to run. When it is finished it will produce an output.txt file. Copy and paste the contents of output.txt here please.
 

· Registered
Joined
·
12 Posts
Discussion Starter · #16 ·
Ran vx2, came up clean, the top box showed this...
Files Found---


User Agent String---
{4B268940-63FE-11D9-ABCF-0800460222F0}
DLL compare log is here...
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM\ruathunk.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\ricns4.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\lwfpx70n.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\dbmodemx.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\vqrsion.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\adimiaxx.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\atlnode.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\aui2q9aa.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\pmfmgr.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\susinv.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\unbui.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mbc30.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\tjp3216s.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\rsathunk.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\wp32dll.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\iosetup.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\inhlpapi.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\myls31.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mldxmlc.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mavidctl.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\ssge.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
________________________________________________

974 items found: 974 files (21 H/S), 0 directories.
Total of file sizes: 204,404,509 bytes 194.93 M

--------------------End log---------------------
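
The DLLCompare listing above shows 21 DLLs that share one byte size, one to-the-second timestamp and the same `..S.R` attribute string. As an added example (not part of the original post and not DLLCompare's own code), this Python groups a listing in that format by those three fields so such a cluster stands out; `parse_listing`, `find_clusters` and the `min_count` threshold are names and assumptions introduced here.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Rows excerpted from the Locate.com results posted in this thread.
SAMPLE = r"""
C:\WINDOWS\SYSTEM\
ruathunk.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
vsconfig.xml Thu Jan 20 2005 6:18:06a A..H. 1,061 1.04 K
zllictbl.dat Mon Dec 27 2004 3:15:14p ...H. 4,212 4.11 K
ricns4.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
lwfpx70n.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
epiuie6e.gid Tue Nov 2 2004 8:03:18a A..H. 10,841 10.59 K
dbmodemx.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K

24 items found: 24 files, 0 directories.
"""

MONTH_NAMES = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
MONTHS = {name: i for i, name in enumerate(MONTH_NAMES, start=1)}

# name, weekday, month, day, year, h:mm:ss + a/p, 5-char attributes, size
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+"
    r"(?P<mon>" + "|".join(MONTH_NAMES) + r")\s+"
    r"(?P<day>\d{1,2})\s+(?P<year>\d{4})\s+"
    r"(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2})(?P<ampm>[ap])\s+"
    r"(?P<attrs>[A-Z.]{5})\s+"
    r"(?P<size>\d[\d,]*)\b"
)


class Entry(NamedTuple):
    name: str
    mtime: datetime
    attrs: str
    size: int


class ClusterKey(NamedTuple):
    size: int
    mtime: datetime
    attrs: str


def parse_listing(text):
    """Return an Entry per file row; headers and summary lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Convert the 12-hour "5:53:00p" form to a 24-hour value.
        hour = int(m["h"]) % 12 + (12 if m["ampm"] == "p" else 0)
        mtime = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                         hour, int(m["m"]), int(m["s"]))
        size = int(m["size"].replace(",", ""))
        entries.append(Entry(m["name"], mtime, m["attrs"], size))
    return entries


def find_clusters(entries, min_count=3):
    """Group files that share size, timestamp and attributes.

    Unrelated files rarely match on all three, so a large group is a
    triage lead. It is not proof of infection; each file still needs review.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[ClusterKey(e.size, e.mtime, e.attrs)].append(e.name)
    clusters = [(key, sorted(names)) for key, names in groups.items()
                if len(names) >= min_count]
    clusters.sort(key=lambda item: len(item[1]), reverse=True)
    return clusters


if __name__ == "__main__":
    for key, names in find_clusters(parse_listing(SAMPLE)):
        print(f"{len(names)} files, {key.size} bytes, "
              f"{key.mtime:%Y-%m-%d %H:%M:%S}, attrs {key.attrs}")
        for name in names:
            print("   ", name)
```
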
 

· Registered
Joined
·
12 Posts
Discussion Starter · #17 ·
Find here the findit9xme log...
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

RUATHUNK DLL 217,088 01-10-05 5:53p RUATHUNK.DLL
RICNS4 DLL 217,088 01-10-05 5:53p RICNS4.DLL
LWFPX70N DLL 217,088 01-10-05 5:53p LWFPX70N.DLL
DBMODEMX DLL 217,088 01-10-05 5:53p DBMODEMX.DLL
VQRSION DLL 217,088 01-10-05 5:53p VQRSION.DLL
ADIMIAXX DLL 217,088 01-10-05 5:53p ADIMIAXX.DLL
ATLNODE DLL 217,088 01-10-05 5:53p AtlNode.DLL
AUI2Q9AA DLL 217,088 01-10-05 5:53p AUI2Q9AA.DLL
PMFMGR DLL 217,088 01-10-05 5:53p PMFMGR.DLL
SUSINV DLL 217,088 01-10-05 5:53p SUSINV.DLL
UNBUI DLL 217,088 01-10-05 5:53p UNBUI.DLL
MBC30 DLL 217,088 01-10-05 5:53p MBC30.DLL
TJP3216S DLL 217,088 01-10-05 5:53p TJP3216S.DLL
RSATHUNK DLL 217,088 01-10-05 5:53p RSATHUNK.DLL
WP32DLL DLL 217,088 01-10-05 5:53p WP32DLL.DLL
IOSETUP DLL 217,088 01-10-05 5:53p IOSETUP.DLL
INHLPAPI DLL 217,088 01-10-05 5:53p INHLPAPI.DLL
MYLS31 DLL 217,088 01-10-05 5:53p MYLS31.DLL
MLDXMLC DLL 217,088 01-10-05 5:53p mldxmlc.dll
MAVIDCTL DLL 217,088 01-10-05 5:53p mavidctl.dll
SSGE DLL 217,088 01-10-05 5:53p sSge.dll
21 file(s) 4,558,848 bytes
0 dir(s) 269.43 MB free

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

RUATHUNK DLL 217,088 01-10-05 5:53p RUATHUNK.DLL
RICNS4 DLL 217,088 01-10-05 5:53p RICNS4.DLL
LWFPX70N DLL 217,088 01-10-05 5:53p LWFPX70N.DLL
DBMODEMX DLL 217,088 01-10-05 5:53p DBMODEMX.DLL
VQRSION DLL 217,088 01-10-05 5:53p VQRSION.DLL
ADIMIAXX DLL 217,088 01-10-05 5:53p ADIMIAXX.DLL
ATLNODE DLL 217,088 01-10-05 5:53p AtlNode.DLL
AUI2Q9AA DLL 217,088 01-10-05 5:53p AUI2Q9AA.DLL
PMFMGR DLL 217,088 01-10-05 5:53p PMFMGR.DLL
SUSINV DLL 217,088 01-10-05 5:53p SUSINV.DLL
UNBUI DLL 217,088 01-10-05 5:53p UNBUI.DLL
MBC30 DLL 217,088 01-10-05 5:53p MBC30.DLL
TJP3216S DLL 217,088 01-10-05 5:53p TJP3216S.DLL
RSATHUNK DLL 217,088 01-10-05 5:53p RSATHUNK.DLL
WP32DLL DLL 217,088 01-10-05 5:53p WP32DLL.DLL
IOSETUP DLL 217,088 01-10-05 5:53p IOSETUP.DLL
INHLPAPI DLL 217,088 01-10-05 5:53p INHLPAPI.DLL
MYLS31 DLL 217,088 01-10-05 5:53p MYLS31.DLL
MLDXMLC DLL 217,088 01-10-05 5:53p mldxmlc.dll
MAVIDCTL DLL 217,088 01-10-05 5:53p mavidctl.dll
SSGE DLL 217,088 01-10-05 5:53p sSge.dll
21 file(s) 4,558,848 bytes
0 dir(s) 135.25 MB free

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

RUATHUNK DLL 217,088 01-10-05 5:53p RUATHUNK.DLL
RICNS4 DLL 217,088 01-10-05 5:53p RICNS4.DLL
LWFPX70N DLL 217,088 01-10-05 5:53p LWFPX70N.DLL
DBMODEMX DLL 217,088 01-10-05 5:53p DBMODEMX.DLL
VQRSION DLL 217,088 01-10-05 5:53p VQRSION.DLL
ADIMIAXX DLL 217,088 01-10-05 5:53p ADIMIAXX.DLL
ATLNODE DLL 217,088 01-10-05 5:53p AtlNode.DLL
AUI2Q9AA DLL 217,088 01-10-05 5:53p AUI2Q9AA.DLL
PMFMGR DLL 217,088 01-10-05 5:53p PMFMGR.DLL
SUSINV DLL 217,088 01-10-05 5:53p SUSINV.DLL
UNBUI DLL 217,088 01-10-05 5:53p UNBUI.DLL
MBC30 DLL 217,088 01-10-05 5:53p MBC30.DLL
TJP3216S DLL 217,088 01-10-05 5:53p TJP3216S.DLL
RSATHUNK DLL 217,088 01-10-05 5:53p RSATHUNK.DLL
WP32DLL DLL 217,088 01-10-05 5:53p WP32DLL.DLL
IOSETUP DLL 217,088 01-10-05 5:53p IOSETUP.DLL
INHLPAPI DLL 217,088 01-10-05 5:53p INHLPAPI.DLL
MYLS31 DLL 217,088 01-10-05 5:53p MYLS31.DLL
MLDXMLC DLL 217,088 01-10-05 5:53p mldxmlc.dll
MAVIDCTL DLL 217,088 01-10-05 5:53p mavidctl.dll
SSGE DLL 217,088 01-10-05 5:53p sSge.dll
21 file(s) 4,558,848 bytes
0 dir(s) 271.15 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

VSCONFIG XML 1,061 01-20-05 6:18a vsconfig.xml
ZLLICTBL DAT 4,212 12-27-04 3:15p zllictbl.dat
EPIUIE6E GID 10,841 11-02-04 8:03a EPIUIE6E.GID
ATMENUXX GID 10,845 01-12-00 12:47p ATMenuxx.GID
FOLDER HTT 13,122 12-22-99 9:15a folder.htt
DESKTOP INI 266 12-22-99 9:15a desktop.ini
6 file(s) 40,347 bytes
0 dir(s) 269.42 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

VSCONFIG XML 1,061 01-20-05 6:18a vsconfig.xml
ZLLICTBL DAT 4,212 12-27-04 3:15p zllictbl.dat
EPIUIE6E GID 10,841 11-02-04 8:03a EPIUIE6E.GID
ATMENUXX GID 10,845 01-12-00 12:47p ATMenuxx.GID
FOLDER HTT 13,122 12-22-99 9:15a folder.htt
DESKTOP INI 266 12-22-99 9:15a desktop.ini
6 file(s) 40,347 bytes
0 dir(s) 135.25 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 0325-0EF2
Directory of C:\WINDOWS\SYSTEM

VSCONFIG XML 1,061 01-20-05 6:18a vsconfig.xml
ZLLICTBL DAT 4,212 12-27-04 3:15p zllictbl.dat
EPIUIE6E GID 10,841 11-02-04 8:03a EPIUIE6E.GID
ATMENUXX GID 10,845 01-12-00 12:47p ATMenuxx.GID
FOLDER HTT 13,122 12-22-99 9:15a folder.htt
DESKTOP INI 266 12-22-99 9:15a desktop.ini
6 file(s) 40,347 bytes
0 dir(s) 271.15 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4B268940-63FE-11D9-ABCF-0800460222F0}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ruathunk.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
vsconfig.xml Thu Jan 20 2005 6:18:06a A..H. 1,061 1.04 K
zllictbl.dat Mon Dec 27 2004 3:15:14p ...H. 4,212 4.11 K
ricns4.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
lwfpx70n.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
epiuie6e.gid Tue Nov 2 2004 8:03:18a A..H. 10,841 10.59 K
dbmodemx.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
vqrsion.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
adimiaxx.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
atlnode.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
aui2q9aa.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
pmfmgr.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
susinv.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
unbui.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
mbc30.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
tjp3216s.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
rsathunk.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
wp32dll.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
iosetup.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
inhlpapi.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
myls31.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
mldxmlc.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
mavidctl.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K
ssge.dll Mon Jan 10 2005 5:53:00p ..S.R 217,088 212.00 K

24 items found: 24 files, 0 directories.
Total of file sizes: 4,574,962 bytes 4.36 M

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RUATHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\RICNS4.DLL: UMonitor
C:\WINDOWS\SYSTEM\WWNETMGR.DLL: UMonitor
C:\WINDOWS\SYSTEM\LWFPX70N.DLL: UMonitor
C:\WINDOWS\SYSTEM\DBMODEMX.DLL: UMonitor
C:\WINDOWS\SYSTEM\VQRSION.DLL: UMonitor
C:\WINDOWS\SYSTEM\ADIMIAXX.DLL: UMonitor
C:\WINDOWS\SYSTEM\AtlNode.DLL: UMonitor
C:\WINDOWS\SYSTEM\AUI2Q9AA.DLL: UMonitor
C:\WINDOWS\SYSTEM\PMFMGR.DLL: UMonitor
C:\WINDOWS\SYSTEM\SUSINV.DLL: UMonitor
C:\WINDOWS\SYSTEM\UNBUI.DLL: UMonitor
C:\WINDOWS\SYSTEM\MBC30.DLL: UMonitor
C:\WINDOWS\SYSTEM\TJP3216S.DLL: UMonitor
C:\WINDOWS\SYSTEM\RSATHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WP32DLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IOSETUP.DLL: UMonitor
C:\WINDOWS\SYSTEM\INHLPAPI.DLL: UMonitor
C:\WINDOWS\SYSTEM\MYLS31.DLL: UMonitor
C:\WINDOWS\SYSTEM\mldxmlc.dll: UMonitor
C:\WINDOWS\SYSTEM\mavidctl.dll: UMonitor
C:\WINDOWS\SYSTEM\sSge.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"RunDLL"="rundll32.exe \"C:\\WINDOWS\\DOWNLOADED PROGRAM FILES\\BRIDGE.DLL\",Load"
"AutoUpdater"="\"c:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"EM_EXEC"="C:\\MOUSE\\SYSTEM\\EM_EXEC.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"IE Menu Extension toolbar"="rundll32.exe \"C:\\PROGRA~1\\IEMENU~1\\tbextn.dll\" DllShowTB"
"VBundleOuterDL"="C:\\Program Files\\VBouncer\\BundleOuter.EXE"
"MicroAntivirus"="C:\\Program Files\\MicroAntivirus\\bin\\Tray.exe --logon"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


 

· Registered
Joined
·
46,465 Posts
Download the Hoster from here. Unzip the file to your desktop.

Also click Here and download the VX2Finder9x.exe tool.

Next click Here and download the new version of Killbox and save it to your desktop.

Double-click on Killbox.exe to run it. Now put a tick by Delete on Reboot. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file on next reboot. Click Yes. It will then ask if you want to reboot now. Click No. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\ruathunk.dll

C:\WINDOWS\SYSTEM\ricns4.dll

C:\WINDOWS\SYSTEM\lwfpx70n.dll

C:\WINDOWS\SYSTEM\dbmodemx.dll

C:\WINDOWS\SYSTEM\vqrsion.dll

C:\WINDOWS\SYSTEM\adimiaxx.dll

C:\WINDOWS\SYSTEM\atlnode.dll

C:\WINDOWS\SYSTEM\aui2q9aa.dll

C:\WINDOWS\SYSTEM\pmfmgr.dll

C:\WINDOWS\SYSTEM\susinv.dll

C:\WINDOWS\SYSTEM\unbui.dll

C:\WINDOWS\SYSTEM\mbc30.dll

C:\WINDOWS\SYSTEM\tjp3216s.dll

C:\WINDOWS\SYSTEM\rsathunk.dll

C:\WINDOWS\SYSTEM\wp32dll.dll

C:\WINDOWS\SYSTEM\iosetup.dll

C:\WINDOWS\SYSTEM\inhlpapi.dll

C:\WINDOWS\SYSTEM\myls31.dll

C:\WINDOWS\SYSTEM\mldxmlc.dll

C:\WINDOWS\SYSTEM\mavidctl.dll

C:\WINDOWS\SYSTEM\ssge.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Run the Hoster and click "Restore Original Hosts" and press "OK" then Exit the Hoster.

Next run VX2Finder and then click on the "Click to Find VX2.Betterinternet" button. Click the "User Agent" button.

Now restart your computer.

After you restart, Run find.bat and Dllcompare again and post the new logs from them both.
 

· Registered
Joined
·
12 Posts
Discussion Starter · #19 ·
Thanks for all the help. This place is wonderful. I think that the problem is now fixed. I hate to admit this but I was running Ad-Aware 6.0 not SE. Upon running SE, it found over 200 bugs that 6.0 did not pick up. ZoneAlarm is quiet now and there are no more pop-ups... Here is my latest HJT log...
Logfile of HijackThis v1.99.0
Scan saved at 7:07:04 AM, on 01/21/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROANTIVIRUS\BIN\TRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\COMPONENTS\QBAGENT\QBDAGENT2002.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\QBW32.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO2002\AXLBRIDGE.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IMC Computer 714-520-3188
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MicroAntivirus] C:\Program Files\MicroAntivirus\bin\Tray.exe --logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Valued Sony Customer\Client\HelpExp.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro2002\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mp3: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npwinamp.dll
O12 - Plugin for .wvx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.0.25/holdem/holdem-ob-assets.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
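
A way to cross-check a log like the one above, as an added example that is not part of the thread and not HijackThis's own code: this Python parser reads the log format, then lists O4 registry autorun entries whose executable does not appear under "Running processes". The sample is a few lines copied from the posted log; the function names are assumptions, and a listed entry is only a pointer for follow-up (the program may have exited, or its file may be gone), not a verdict on whether it is malicious.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")            # "O4 - <body>"
# O4 registry autorun body: "HKLM\..\Run: [Name] command line"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE = re.compile(r'([^\\"/:]+\.exe)', re.I)           # first .exe basename in a command

def parse(log):
    """Return (set of running process basenames, list of (section, body))."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:       # blank line ends the process list
            in_procs = False
        elif in_procs:
            running.add(line.rsplit("\\", 1)[-1].upper())
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
    return running, entries

def section_counts(log):
    """Count entries per HijackThis section code (R1, O4, ...)."""
    return Counter(section for section, _ in parse(log)[1])

def autoruns_not_running(log):
    """O4 registry autoruns whose executable is absent from the process list."""
    running, entries = parse(log)
    out = []
    for section, body in entries:
        m = AUTORUN.match(body) if section == "O4" else None
        exe = EXE.search(m.group(4)) if m else None
        if exe and exe.group(1).upper() not in running:
            out.append((m.group(1) + "\\" + m.group(2), m.group(3), exe.group(1).upper()))
    return out
```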
 

· Registered
Joined
·
46,465 Posts
I need to see another find.bat log please. We need to be sure all the files are gone. Run find.bat again and post a new log from it.
 