missing shortcut?

Hi omghelp

These files:

WGEWNA63
T2D3G05V
E79L74LK
MORZE5
OVEDKM3Z

They're from the Adtomi parasite. I have removal instructions for it, but first let's see your Hijack This log.

Please do this. Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.

*Note: When you download Hijack This Do Not download it to a temp folder or to the desktop. Create a permanent folder somewhere like in My Documents and name it Hijack This and put it in that folder.

Once we see your Hijack This log I'll post the removal instructions.

ok here it is

Logfile of HijackThis v1.97.7
Scan saved at 11:01:51 PM, on 4/4/04
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WINLOGIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDREGA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH13218.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [Windows Logon] WINLOGIN.EXE
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.EXE
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [duz] C:\WINDOWS\duz.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [eanth_critical_update_alert] "C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE" /Startup
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DDREGA] C:\WINDOWS\SYSTEM\DDREGA.exe
O4 - HKLM\..\Run: [E43K2I69.EXE] C:\WINDOWS\E43K2I69.EXE /dk
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [E43K2I69.EXE] C:\WINDOWS\E43K2I69.EXE /dk
O4 - HKCU\..\RunOnce: [Windows Logon] WINLOGIN.EXE
O4 - Startup: YT3EUQLI.lnk = C:\WINDOWS\yt3euqli.exe
O4 - Startup: ONOMX60U.lnk = C:\WINDOWS\onomx60u.exe
O4 - Startup: M5WJHPMF.lnk = C:\WINDOWS\m5wjhpmf.exe
O4 - Startup: T0AAL52H.lnk = C:\WINDOWS\t0aal52h.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 02XBIU4W.lnk = C:\WINDOWS\02xbiu4w.exe
O4 - Startup: FIHVXDPT.lnk = C:\WINDOWS\fihvxdpt.exe
O4 - Startup: 66U3H0QW.lnk = C:\WINDOWS\66u3h0qw.exe
O4 - Startup: QAQIFQCF.lnk = C:\WINDOWS\qaqifqcf.exe
O4 - Startup: DB3P63BX.lnk = C:\WINDOWS\db3p63bx.exe
O4 - Startup: E43K2I69.lnk = C:\WINDOWS\e43k2i69.exe
O4 - Global Startup: T0AAL52H.lnk = C:\WINDOWS\t0aal52h.exe
O4 - Global Startup: YT3EUQLI.lnk = C:\WINDOWS\yt3euqli.exe
O4 - Global Startup: ONOMX60U.lnk = C:\WINDOWS\onomx60u.exe
O4 - Global Startup: M5WJHPMF.lnk = C:\WINDOWS\m5wjhpmf.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 02XBIU4W.lnk = C:\WINDOWS\02xbiu4w.exe
O4 - Global Startup: FIHVXDPT.lnk = C:\WINDOWS\fihvxdpt.exe
O4 - Global Startup: 66U3H0QW.lnk = C:\WINDOWS\66u3h0qw.exe
O4 - Global Startup: QAQIFQCF.lnk = C:\WINDOWS\qaqifqcf.exe
O4 - Global Startup: DB3P63BX.lnk = C:\WINDOWS\db3p63bx.exe
O4 - Global Startup: E43K2I69.lnk = C:\WINDOWS\e43k2i69.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

To get rid of Adtomi run this script put together by Mosaic1:

Click here to download 9xAdtomi Cleanup.zip.

Unzip the files to a folder of your choice.

If you have a Script Blocking Program enabled, disable it first so the scripts may run.

Open the folder and Double Click Cleanup.bat

*NOTE: DO NOT Touch the VBS files. The bat file will run the scripts all by itself.

It will:

Remove the Adtomi Spyware files from the Windows Folder
Clean the Startup Folders
Create Backups of the Adtomi exe files it deletes and save them in this folder
Create a list of all oddly named files deleted from the Windows Folder
Uninstall the Browserhelper.dll browser plugin
Start HijackThis and give you directions on what to remove.

When you have finished please restart the computer.

Go to the folder that you extracted the Adtomi cleanup files to and find the Adtomi.txt file. Copy and paste the contents of that text file here along with a fresh Hijack This log.

well the script worked....I no longer have those missing shortcut errors.
Thank you very much for the intelligent help!
hopefully this parasite is gone.

Now one other thing.....I have already run Adaware to remove spyware....but there seems to be a \lot of popups and lag when trying to pull up browser.

Can you recomend anything better for removal?

these things are in my task manager:
DW
bargains
eanthology
defscangui
loader
starter
sys_alert
msbb and a couple others i beleive should be running.
if these dont belong....how do i remove?

Once again ty very much....good show!

This is the second log

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Windows Logon] WINLOGIN.EXE
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [W3DPROS] C:\WINDOWS\SYSTEM\W3DPROS.exe
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\RunOnce: [Windows Logon] WINLOGIN.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab