Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 43 Posts

·
Registered
Joined
·
36 Posts
Discussion Starter · #1 ·
windows 98 second...
browser IE 6

If you need more info, asks...

when I boot the computer I get widows that I am missing:
morze5.exe
morze1.exe
k41xqxec.exe
njd0pefo.exe

windows looks for the exe but can not find them..then asks if I want to redirect the link to different exe, which I said no to...

computer seems to be working ok....

I have had spyware problems in the past and did notice lastnight that my homepage had been changed to some add.......

thanks,
Nathan
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #2 ·
Logfile of HijackThis v1.97.7
Scan saved at 9:21:05 PM, on 3/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\PDDIEE36.EXE
C:\WINDOWS\SYSTEM\FC42ENUM.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [FC42ENUM] C:\WINDOWS\SYSTEM\FC42ENUM.exe
O4 - HKLM\..\Run: [PDDIEE36.EXE] C:\WINDOWS\PDDIEE36.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [PDDIEE36.EXE] C:\WINDOWS\PDDIEE36.EXE /dk
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Global Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Global Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Global Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Global Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Global Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Global Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Global Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Global Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Juno (HKCU)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {71CA4411-45EC-4608-B9D7-6D4B6A9D1BB4} (Attenza System Profiler) - http://service.dell.com/dell/SystemProfiler.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.19/Hiwire.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37797.9005555556
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab

what is this all about? I see alot of those exe here:
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Global Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Global Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Global Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Global Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Global Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Global Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Global Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Global Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
 

·
Registered
Joined
·
22,468 Posts
First off, it's probably good that it can't find those files. Try running MSCONFIG and remove anything from starting automatically that you don't need.

In addition to a virus scan, you might want to download a good Spyware and Trojan Removal program. Those files are awfully suspicious.

Spybot Search and Destroy:
http://www.safer-networking.org/index.php?page=spybotsda

SpySweeper:
There is also a good spyware program at:
http://www.webroot.com/wb/products/spysweeper/index.php
This will also protect your home page from being hijacked.

Ad-Aware:
http://www.lavasoft.de/

With any of the above three programs, just like with Anti-Virus software, should have the latest updates installed before doing a scan.

CWShredder:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #5 ·
ok, so I ran that virus checker and it found 14 infected files, but could not clean them, so I let it delete them. It dleted all but 1, b/c it was in use......

I ran highjack again and here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 11:44:34 PM, on 3/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\WINDOWS\ZCBL4GVW.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ZCBL4GVW.EXE] C:\WINDOWS\ZCBL4GVW.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ZCBL4GVW.EXE] C:\WINDOWS\ZCBL4GVW.EXE /dk
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O4 - Startup: 0IVX5EWN.lnk = C:\WINDOWS\0ivx5ewn.exe
O4 - Startup: N43YL75G.lnk = C:\WINDOWS\n43yl75g.exe
O4 - Startup: ZCBL4GVW.lnk = C:\WINDOWS\zcbl4gvw.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Global Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Global Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Global Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Global Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Global Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Global Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Global Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Global Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O4 - Global Startup: 0IVX5EWN.lnk = C:\WINDOWS\0ivx5ewn.exe
O4 - Global Startup: N43YL75G.lnk = C:\WINDOWS\n43yl75g.exe
O4 - Global Startup: ZCBL4GVW.lnk = C:\WINDOWS\zcbl4gvw.exe
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Juno (HKCU)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {71CA4411-45EC-4608-B9D7-6D4B6A9D1BB4} (Attenza System Profiler) - http://service.dell.com/dell/SystemProfiler.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.19/Hiwire.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37797.9005555556
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
 

·
Registered
Joined
·
16,274 Posts
Rescan and put a check next to each of these then close all browser windows and click "fix checked"

O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O4 - HKLM\..\Run: [ZCBL4GVW.EXE] C:\WINDOWS\ZCBL4GVW.EXE /dk

O4 - HKCU\..\Run: [ZCBL4GVW.EXE] C:\WINDOWS\ZCBL4GVW.EXE /dk
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O4 - Startup: 0IVX5EWN.lnk = C:\WINDOWS\0ivx5ewn.exe
O4 - Startup: N43YL75G.lnk = C:\WINDOWS\n43yl75g.exe
O4 - Startup: ZCBL4GVW.lnk = C:\WINDOWS\zcbl4gvw.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: QECB075T.lnk = C:\WINDOWS\qecb075t.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: 1ZKARB0G.lnk = C:\WINDOWS\1zkarb0g.exe
O4 - Global Startup: RF1M2ID0.lnk = C:\WINDOWS\rf1m2id0.exe
O4 - Global Startup: 29G20PMA.lnk = C:\WINDOWS\29g20pma.exe
O4 - Global Startup: VH7T1N0I.lnk = C:\WINDOWS\vh7t1n0i.exe
O4 - Global Startup: JJ40F0BD.lnk = C:\WINDOWS\jj40f0bd.exe
O4 - Global Startup: L6HL509D.lnk = C:\WINDOWS\l6hl509d.exe
O4 - Global Startup: NJD0PEFO.lnk = C:\WINDOWS\njd0pefo.exe
O4 - Global Startup: K41XQXEC.lnk = C:\WINDOWS\k41xqxec.exe
O4 - Global Startup: PDDIEE36.lnk = C:\WINDOWS\pddiee36.exe
O4 - Global Startup: 0IVX5EWN.lnk = C:\WINDOWS\0ivx5ewn.exe
O4 - Global Startup: N43YL75G.lnk = C:\WINDOWS\n43yl75g.exe
O4 - Global Startup: ZCBL4GVW.lnk = C:\WINDOWS\zcbl4gvw.exe

Then reboot into safe mode and delete :
C:\WINDOWS\morze5.exe
C:\WINDOWS\qecb075t.exe
C:\WINDOWS\morze1.exe
C:\WINDOWS\1zkarb0g.exe
C:\WINDOWS\rf1m2id0.exe
C:\WINDOWS\29g20pma.exe
C:\WINDOWS\vh7t1n0i.exe
C:\WINDOWS\jj40f0bd.exe
C:\WINDOWS\l6hl509d.exe
C:\WINDOWS\njd0pefo.exe
C:\WINDOWS\k41xqxec.exe
C:\WINDOWS\pddiee36.exe
C:\WINDOWS\0ivx5ewn.exe
C:\WINDOWS\n43yl75g.exe
C:\WINDOWS\zcbl4gvw.exe
C:\WINDOWS\morze5.exe
C:\WINDOWS\qecb075t.exe
C:\WINDOWS\morze1.exe
C:\WINDOWS\1zkarb0g.exe
C:\WINDOWS\rf1m2id0.exe
C:\WINDOWS\29g20pma.exe
C:\WINDOWS\vh7t1n0i.exe
C:\WINDOWS\jj40f0bd.exe
C:\WINDOWS\l6hl509d.exe
C:\WINDOWS\njd0pefo.exe
C:\WINDOWS\k41xqxec.exe
C:\WINDOWS\pddiee36.exe
C:\WINDOWS\0ivx5ewn.exe
C:\WINDOWS\n43yl75g.exe
C:\WINDOWS\zcbl4gvw.exe
C:\WINDOWS\ZCBL4GVW.EXE
C:\Program Files\Common Files\efax\Dllcmd32.exe

Then produce a fresh log please.
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #11 ·
hey...I tried. I ran and deleted the files you said. I got to safe mode and could not find any of those exe. Yes show all is on.. They are not there in safe mode or in normal mode. when I restared the computer I had a bunch more errors regaurding missing exe that I never heard of..
so here is the scan log for the current time:

Logfile of HijackThis v1.97.7
Scan saved at 12:48:40 AM, on 3/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\QAF8UJBZ.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QAF8UJBZ.EXE] C:\WINDOWS\QAF8UJBZ.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [QAF8UJBZ.EXE] C:\WINDOWS\QAF8UJBZ.EXE /dk
O4 - Startup: 2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Startup: PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
O4 - Startup: G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
O4 - Startup: P61RWAZN.lnk = C:\WINDOWS\p61rwazn.exe
O4 - Startup: QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
O4 - Startup: BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
O4 - Global Startup: 0PXWUBJW.lnk = C:\WINDOWS\0pxwubjw.exe
O4 - Global Startup: U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
O4 - Global Startup: G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
O4 - Global Startup: P61RWAZN.lnk = C:\WINDOWS\p61rwazn.exe
O4 - Global Startup: 2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Global Startup: QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
O4 - Global Startup: BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe
O4 - Global Startup: OJ8L7CR0.lnk = C:\WINDOWS\oj8l7cr0.exe
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Juno (HKCU)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {71CA4411-45EC-4608-B9D7-6D4B6A9D1BB4} (Attenza System Profiler) - http://service.dell.com/dell/SystemProfiler.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.19/Hiwire.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37797.9005555556
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #12 ·
O4 - Startup: 2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Startup: PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
O4 - Startup: G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
O4 - Startup: P61RWAZN.lnk = C:\WINDOWS\p61rwazn.exe
O4 - Startup: QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
O4 - Startup: BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe

I still dont like these and don't reconize em..
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #17 ·
hey I used the antivirus scaner at the site listed above trend one. I am now scaning with nortan, but in all honesty, it is not so up to date....Well I will look around and try and delete some of the above and then post a log..

thanks for your continued help.....
Nathan
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #18 ·
looking at other stuff I found this

in running proccese:
C:\WINDOWS\N8X8OUK3.EX

Shell folders Startup:
2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
P61RWAZN.lnk = C:\WINDOWS\p61rwazn.exe
QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
QHJUGDKR.lnk = C:\WINDOWS\qhjugdkr.exe
GTXYD7VM.lnk = C:\WINDOWS\gtxyd7vm.exe
7FQZ1011.lnk = C:\WINDOWS\7fqz1011.exe
Z69CMH0T.lnk = C:\WINDOWS\z69cmh0t.exe
P4POEOUZ.lnk = C:\WINDOWS\p4poeouz.exe
ODY1PCV4.lnk = C:\WINDOWS\ody1pcv4.exe
AO10IRA7.lnk = C:\WINDOWS\ao10ira7.exe
N8X8OUK3.lnk = C:\WINDOWS\n8x8ouk3.exe
BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe

Shell folders Common Startup:
PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
0PXWUBJW.lnk = C:\WINDOWS\0pxwubjw.exe
U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
P61RWAZN.lnk = C:\WINDOWS\2gjpapdz.exe
2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
QHJUGDKR.lnk = C:\WINDOWS\qhjugdkr.exe
GTXYD7VM.lnk = C:\WINDOWS\gtxyd7vm.exe
7FQZ1011.lnk = C:\WINDOWS\7fqz1011.exe
Z69CMH0T.lnk = C:\WINDOWS\z69cmh0t.exe
P4POEOUZ.lnk = C:\WINDOWS\p4poeouz.exe
ODY1PCV4.lnk = C:\WINDOWS\ody1pcv4.exe
AO10IRA7.lnk = C:\WINDOWS\ao10ira7.exe
N8X8OUK3.lnk = C:\WINDOWS\n8x8ouk3.exe
BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe
OJ8L7CR0.lnk = C:\WINDOWS\oj8l7cr0.exe


Autorun entries from Registry:
N8X8OUK3.EXE = C:\WINDOWS\N8X8OUK3.EXE /dk

Autorun entries from Registry:
N8X8OUK3.EXE = C:\WINDOWS\N8X8OUK3.EXE /dk
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #19 ·
most recent log..let me know guys thanks..
Logfile of HijackThis v1.97.7
Scan saved at 11:26:30 PM, on 3/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\1LFEYTL8.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1977\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [1LFEYTL8.EXE] C:\WINDOWS\1LFEYTL8.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [1LFEYTL8.EXE] C:\WINDOWS\1LFEYTL8.EXE /dk
O4 - Startup: 2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Startup: PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
O4 - Startup: 5N000QCA.lnk = C:\WINDOWS\5n000qca.exe
O4 - Startup: U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
O4 - Startup: G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
O4 - Startup: P61RWAZN.lnk = C:\WINDOWS\p61rwazn.exe
O4 - Startup: QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
O4 - Startup: QHJUGDKR.lnk = C:\WINDOWS\qhjugdkr.exe
O4 - Startup: GTXYD7VM.lnk = C:\WINDOWS\gtxyd7vm.exe
O4 - Startup: 7FQZ1011.lnk = C:\WINDOWS\7fqz1011.exe
O4 - Startup: Z69CMH0T.lnk = C:\WINDOWS\z69cmh0t.exe
O4 - Startup: P4POEOUZ.lnk = C:\WINDOWS\p4poeouz.exe
O4 - Startup: ODY1PCV4.lnk = C:\WINDOWS\ody1pcv4.exe
O4 - Startup: AO10IRA7.lnk = C:\WINDOWS\ao10ira7.exe
O4 - Startup: N8X8OUK3.lnk = C:\WINDOWS\n8x8ouk3.exe
O4 - Startup: 1LFEYTL8.lnk = C:\WINDOWS\1lfeytl8.exe
O4 - Startup: BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe
O4 - Global Startup: 5N000QCA.lnk = C:\WINDOWS\5n000qca.exe
O4 - Global Startup: PA0I2UD6.lnk = C:\WINDOWS\pa0i2ud6.exe
O4 - Global Startup: 0PXWUBJW.lnk = C:\WINDOWS\0pxwubjw.exe
O4 - Global Startup: U5B86JLN.lnk = C:\WINDOWS\u5b86jln.exe
O4 - Global Startup: G3TR6RU2.lnk = C:\WINDOWS\g3tr6ru2.exe
O4 - Global Startup: P61RWAZN.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Global Startup: 2GJPAPDZ.lnk = C:\WINDOWS\2gjpapdz.exe
O4 - Global Startup: QAF8UJBZ.lnk = C:\WINDOWS\qaf8ujbz.exe
O4 - Global Startup: QHJUGDKR.lnk = C:\WINDOWS\qhjugdkr.exe
O4 - Global Startup: GTXYD7VM.lnk = C:\WINDOWS\gtxyd7vm.exe
O4 - Global Startup: 7FQZ1011.lnk = C:\WINDOWS\7fqz1011.exe
O4 - Global Startup: Z69CMH0T.lnk = C:\WINDOWS\z69cmh0t.exe
O4 - Global Startup: P4POEOUZ.lnk = C:\WINDOWS\p4poeouz.exe
O4 - Global Startup: ODY1PCV4.lnk = C:\WINDOWS\ody1pcv4.exe
O4 - Global Startup: AO10IRA7.lnk = C:\WINDOWS\ao10ira7.exe
O4 - Global Startup: N8X8OUK3.lnk = C:\WINDOWS\n8x8ouk3.exe
O4 - Global Startup: BH88BT43.lnk = C:\WINDOWS\bh88bt43.exe
O4 - Global Startup: OJ8L7CR0.lnk = C:\WINDOWS\oj8l7cr0.exe
O4 - Global Startup: 1LFEYTL8.lnk = C:\WINDOWS\1lfeytl8.exe
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Juno (HKCU)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: {71CA4411-45EC-4608-B9D7-6D4B6A9D1BB4} (Attenza System Profiler) - http://service.dell.com/dell/SystemProfiler.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.19/Hiwire.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37797.9005555556
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab

ps:
errors that have popped up:
MORZE1 caused a general protection fault
in module DDEML.DLL at 0002:00002139.

N8X8OUK3 caused a general protection fault
in module DDEML.DLL at 0002:00002139.

AO10IRA7 caused a general protection fault
in module DDEML.DLL at 0002:00002139.

and this may or may not matter:

also microsoft office 2000 standard keeps popping up and trying to install something when I am not requesting it to do so. I hit cancel and it trys 2 more times and then stops. Ironicaly this same thing happen to me today at school on a computer in the library. The only file I can think of that I was working on at home and then at school was a powerpoint presentation and a outline in word...
 
1 - 20 of 43 Posts
Status
Not open for further replies.
Top