
· Registered
Joined
·
18 Posts
Discussion Starter · #1 ·
I get these problems with shortcuts every time I start up Windows, and weird files show up in Startup; when I delete them, they reappear again. It says the shortcut morze5.lnk is unavailable. About twenty different ones show up, one right after another, such as n4tyoc05.lnk. I have run Registry Mechanic, Ad-aware, and a virus check, all with no luck removing whatever this is.

This is the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 6:27:55 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\EUGH89C3.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: @msdxmLC.dll,-4@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [InstMsi0] C:\WINDOWS\SYSTEM\msiexec.exe /regserver
O4 - HKLM\..\RunOnce: [InstMsi1] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Installer\InstMsi0"
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 3VNJEK0M.lnk = C:\WINDOWS\3vnjek0m.exe
O4 - Global Startup: J73E7003.lnk = C:\WINDOWS\j73e7003.exe
O4 - Global Startup: MLW098MW.lnk = C:\WINDOWS\mlw098mw.exe
O4 - Global Startup: BIDBYH7X.lnk = C:\WINDOWS\bidbyh7x.exe
O4 - Global Startup: XDNG8V9Z.lnk = C:\WINDOWS\xdng8v9z.exe
O4 - Global Startup: ZQZM73R3.lnk = C:\WINDOWS\zqzm73r3.exe
O4 - Global Startup: 09HQ7A4Y.lnk = C:\WINDOWS\09hq7a4y.exe
O4 - Global Startup: BZBXGK5U.lnk = C:\WINDOWS\bzbxgk5u.exe
O4 - Global Startup: BUKD75OQ.lnk = C:\WINDOWS\bukd75oq.exe
O4 - Global Startup: KCM0ZYAU.lnk = C:\WINDOWS\kcm0zyau.exe
O4 - Global Startup: VUO0TLBF.lnk = C:\WINDOWS\vuo0tlbf.exe
O4 - Global Startup: 5NCB8D3N.lnk = C:\WINDOWS\5ncb8d3n.exe
O4 - Global Startup: 1CRORB48.lnk = C:\WINDOWS\1crorb48.exe
O4 - Global Startup: V08LP4H1.lnk = C:\WINDOWS\v08lp4h1.exe
O4 - Global Startup: WMABG7GN.lnk = C:\WINDOWS\wmabg7gn.exe
O4 - Global Startup: 7V1VNN87.lnk = C:\WINDOWS\7v1vnn87.exe
O4 - Global Startup: 4A6VYEFQ.lnk = C:\WINDOWS\4a6vyefq.exe
O4 - Global Startup: NUU5XYUP.lnk = C:\WINDOWS\nuu5xyup.exe
O4 - Global Startup: W8J0VND1.lnk = C:\WINDOWS\w8j0vnd1.exe
O4 - Global Startup: 07RVLT0U.lnk = C:\WINDOWS\07rvlt0u.exe
O4 - Global Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Global Startup: ATDG3J7B.lnk = C:\WINDOWS\atdg3j7b.exe
O4 - Global Startup: O7JG9UNN.lnk = C:\WINDOWS\o7jg9unn.exe
O4 - Global Startup: NN1ZLMCN.lnk = C:\WINDOWS\nn1zlmcn.exe
O4 - Global Startup: 0TH03W45.lnk = C:\WINDOWS\0th03w45.exe
O4 - Global Startup: WUM7W2AV.lnk = C:\WINDOWS\wum7w2av.exe
O4 - Global Startup: V2HJO3PF.lnk = C:\WINDOWS\v2hjo3pf.exe
O4 - Global Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Global Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Global Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Global Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Global Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Global Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Global Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Global Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Global Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Global Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Global Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Global Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Global Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 

· Premium Member
Joined
·
52,999 Posts
First Name -
Rob
Wow, that's gotta be a virus or some really nasty adware/spyware. There are several problems in your log.

Please do the following:

To check for a virus, please visit one of the following sites for a free online virus scan. Even if you have a virus scanner installed, this one gives you a second opinion, and it will be up-to-date, which yours might not be.

Symantec:
http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=TBOWYHGBYNCJEIMXQKC

Trend Micro:
http://housecall.trendmicro.com

If you do not currently have an antivirus program installed, you can try AVG from www.grisoft.com – it is free.

In IE go to Tools -> Internet Options -> and delete Files and Cookies.

To check for and remove any Spyware or Adware that may be installed on your machine, download and install Ad-aware and Spybot. Then update each program before scanning. Fix ALL problems found by either of the programs. You may need to reboot and have the scan run at startup. Run it again to make sure all components have been removed. There is also an Immunize feature in Spybot that should be enabled to protect against some installations of Adware/Spyware.

Ad-aware and Spybot:
http://spywareinfo.com/downloads.php?cat=sp#det

If you have Kazaa, it has to go. Uninstall through ADD/REMOVE PROGRAMS in Control Panel then use Kazaa Begone to remove it completely. Kazaa is full of Spyware and spreads viruses. All file-sharing programs cause a multitude of problems and promote illegal sharing of information.

Kazaa Begone:
http://www.spywareinfo.com/~merijn/downloads.html

Then post a new HijackThis log to have someone analyze it for further cleaning/recommendations.

Hijack This:
http://www.spywareinfo.com/~merijn/downloads.html
 

· Premium Member
Joined
·
52,999 Posts
First Name -
Rob
Remove these in HijackThis:
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O4 - HKLM\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKCU\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKLM\..\RunOnce: [InstMsi0] C:\WINDOWS\SYSTEM\msiexec.exe /regserver
O4 - HKLM\..\RunOnce: [InstMsi1] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Installer\InstMsi0"
O4 - Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 3VNJEK0M.lnk = C:\WINDOWS\3vnjek0m.exe
O4 - Global Startup: J73E7003.lnk = C:\WINDOWS\j73e7003.exe
O4 - Global Startup: MLW098MW.lnk = C:\WINDOWS\mlw098mw.exe
O4 - Global Startup: BIDBYH7X.lnk = C:\WINDOWS\bidbyh7x.exe
O4 - Global Startup: XDNG8V9Z.lnk = C:\WINDOWS\xdng8v9z.exe
O4 - Global Startup: ZQZM73R3.lnk = C:\WINDOWS\zqzm73r3.exe
O4 - Global Startup: 09HQ7A4Y.lnk = C:\WINDOWS\09hq7a4y.exe
O4 - Global Startup: BZBXGK5U.lnk = C:\WINDOWS\bzbxgk5u.exe
O4 - Global Startup: BUKD75OQ.lnk = C:\WINDOWS\bukd75oq.exe
O4 - Global Startup: KCM0ZYAU.lnk = C:\WINDOWS\kcm0zyau.exe
O4 - Global Startup: VUO0TLBF.lnk = C:\WINDOWS\vuo0tlbf.exe
O4 - Global Startup: 5NCB8D3N.lnk = C:\WINDOWS\5ncb8d3n.exe
O4 - Global Startup: 1CRORB48.lnk = C:\WINDOWS\1crorb48.exe
O4 - Global Startup: V08LP4H1.lnk = C:\WINDOWS\v08lp4h1.exe
O4 - Global Startup: WMABG7GN.lnk = C:\WINDOWS\wmabg7gn.exe
O4 - Global Startup: 7V1VNN87.lnk = C:\WINDOWS\7v1vnn87.exe
O4 - Global Startup: 4A6VYEFQ.lnk = C:\WINDOWS\4a6vyefq.exe
O4 - Global Startup: NUU5XYUP.lnk = C:\WINDOWS\nuu5xyup.exe
O4 - Global Startup: W8J0VND1.lnk = C:\WINDOWS\w8j0vnd1.exe
O4 - Global Startup: 07RVLT0U.lnk = C:\WINDOWS\07rvlt0u.exe
O4 - Global Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Global Startup: ATDG3J7B.lnk = C:\WINDOWS\atdg3j7b.exe
O4 - Global Startup: O7JG9UNN.lnk = C:\WINDOWS\o7jg9unn.exe
O4 - Global Startup: NN1ZLMCN.lnk = C:\WINDOWS\nn1zlmcn.exe
O4 - Global Startup: 0TH03W45.lnk = C:\WINDOWS\0th03w45.exe
O4 - Global Startup: WUM7W2AV.lnk = C:\WINDOWS\wum7w2av.exe
O4 - Global Startup: V2HJO3PF.lnk = C:\WINDOWS\v2hjo3pf.exe
O4 - Global Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Global Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Global Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Global Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Global Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Global Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Global Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Global Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Global Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Global Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Global Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Global Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Global Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
 

· Super Moderator
Joined
·
44,654 Posts
First Name -
James
Ouch! You got hit pretty bad :) OK do hjt again and remove:

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKCU\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe - don't trust this one.
O4 - Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 3VNJEK0M.lnk = C:\WINDOWS\3vnjek0m.exe
O4 - Global Startup: J73E7003.lnk = C:\WINDOWS\j73e7003.exe
O4 - Global Startup: MLW098MW.lnk = C:\WINDOWS\mlw098mw.exe
O4 - Global Startup: BIDBYH7X.lnk = C:\WINDOWS\bidbyh7x.exe
O4 - Global Startup: XDNG8V9Z.lnk = C:\WINDOWS\xdng8v9z.exe
O4 - Global Startup: ZQZM73R3.lnk = C:\WINDOWS\zqzm73r3.exe
O4 - Global Startup: 09HQ7A4Y.lnk = C:\WINDOWS\09hq7a4y.exe
O4 - Global Startup: BZBXGK5U.lnk = C:\WINDOWS\bzbxgk5u.exe
O4 - Global Startup: BUKD75OQ.lnk = C:\WINDOWS\bukd75oq.exe
O4 - Global Startup: KCM0ZYAU.lnk = C:\WINDOWS\kcm0zyau.exe
O4 - Global Startup: VUO0TLBF.lnk = C:\WINDOWS\vuo0tlbf.exe
O4 - Global Startup: 5NCB8D3N.lnk = C:\WINDOWS\5ncb8d3n.exe
O4 - Global Startup: 1CRORB48.lnk = C:\WINDOWS\1crorb48.exe
O4 - Global Startup: V08LP4H1.lnk = C:\WINDOWS\v08lp4h1.exe
O4 - Global Startup: WMABG7GN.lnk = C:\WINDOWS\wmabg7gn.exe
O4 - Global Startup: 7V1VNN87.lnk = C:\WINDOWS\7v1vnn87.exe
O4 - Global Startup: 4A6VYEFQ.lnk = C:\WINDOWS\4a6vyefq.exe
O4 - Global Startup: NUU5XYUP.lnk = C:\WINDOWS\nuu5xyup.exe
O4 - Global Startup: W8J0VND1.lnk = C:\WINDOWS\w8j0vnd1.exe
O4 - Global Startup: 07RVLT0U.lnk = C:\WINDOWS\07rvlt0u.exe
O4 - Global Startup: YN1RL7RW.lnk = C:\WINDOWS\yn1rl7rw.exe
O4 - Global Startup: ATDG3J7B.lnk = C:\WINDOWS\atdg3j7b.exe
O4 - Global Startup: O7JG9UNN.lnk = C:\WINDOWS\o7jg9unn.exe
O4 - Global Startup: NN1ZLMCN.lnk = C:\WINDOWS\nn1zlmcn.exe
O4 - Global Startup: 0TH03W45.lnk = C:\WINDOWS\0th03w45.exe
O4 - Global Startup: WUM7W2AV.lnk = C:\WINDOWS\wum7w2av.exe
O4 - Global Startup: V2HJO3PF.lnk = C:\WINDOWS\v2hjo3pf.exe
O4 - Global Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Global Startup: G73DKYD0.lnk = C:\WINDOWS\g73dkyd0.exe
O4 - Global Startup: JJXG5IP4.lnk = C:\WINDOWS\jjxg5ip4.exe
O4 - Global Startup: Y89KXLFP.lnk = C:\WINDOWS\y89kxlfp.exe
O4 - Global Startup: IH28302M.lnk = C:\WINDOWS\ih28302m.exe
O4 - Global Startup: 95GYWAU0.lnk = C:\WINDOWS\95gywau0.exe
O4 - Global Startup: 5R58L0PJ.lnk = C:\WINDOWS\5r58l0pj.exe
O4 - Global Startup: CGHCGK2H.lnk = C:\WINDOWS\cghcgk2h.exe
O4 - Global Startup: KVHIVHVM.lnk = C:\WINDOWS\kvhivhvm.exe
O4 - Global Startup: W1C4BNF0.lnk = C:\WINDOWS\w1c4bnf0.exe
O4 - Global Startup: Y8YMTHW3.lnk = C:\WINDOWS\y8ymthw3.exe
O4 - Global Startup: 91NIH6Y2.lnk = C:\WINDOWS\91nih6y2.exe
O4 - Global Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe

Download and run Spybot S&D, Lavasoft Ad-Aware and CWShredder. Run these and remove anything they find. Also install SpywareBlaster. Make sure you update this. Reboot and redo the log.
 

· Registered
Joined
·
4,733 Posts
DO NOT REMOVE THIS LINE!!

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

Is NOT, I repeat, IS NOT A VIRUS!!

It is an extremely important part of Windows 98, 98 SE, and ME. It creates a backup copy of your registry on start-up. This can "save your butt" in a lot of cases.
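
An added example, not part of the original thread or any poster's code: one way to triage the O4 autostart lines from the log above so that self-named entries in C:\WINDOWS stand out while legitimate entries such as ScanRegistry are left alone. The rule (an entry named after its own executable in the Windows root) is an assumption drawn from this log, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: a few O4 lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - HKCU\..\Run: [EUGH89C3.EXE] C:\WINDOWS\EUGH89C3.EXE /dk
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
O4 - Startup: EUGH89C3.lnk = C:\WINDOWS\eugh89c3.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: N4TYOC05.lnk = C:\WINDOWS\n4tyoc05.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+)\.lnk = (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|vbs|dll))', re.IGNORECASE)


def parse_o4(log):
    """Yield (location, entry_name, target_path) for each O4 line."""
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            # Drop quotes and arguments so only the program path remains.
            exe = EXE_RE.match(m.group(3))
            target = exe.group(1) if exe else m.group(3).split()[0]
            yield m.group(1), m.group(2), target
            continue
        m = LNK_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).strip()


def self_named(name, target):
    """True when the entry is named after its own executable in C:\\WINDOWS."""
    base = ntpath.basename(target).lower()
    stem = ntpath.splitext(base)[0]
    in_windows_root = ntpath.dirname(target).lower() == r"c:\windows"
    return in_windows_root and name.lower() in (base, stem)


def triage(log):
    """Map each flagged executable to the autostart locations that load it."""
    hits = defaultdict(set)
    for location, name, target in parse_o4(log):
        if self_named(name, target):
            hits[ntpath.basename(target).lower()].add(location)
    return {exe: sorted(locs) for exe, locs in hits.items()}


if __name__ == "__main__":
    for exe, locations in sorted(triage(SAMPLE_LOG).items()):
        print(f"{exe}: {', '.join(locations)}")
```

An executable that appears under several locations, as eugh89c3.exe does here, has more than one way to come back after a single entry is deleted, so every listed location needs to be cleared.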
 

· Registered
Joined
·
18 Posts
Discussion Starter · #6 ·
Tried getting rid of a lot of stuff, this is what I got left. Also, there are about 20 or 30 of those old ones in my startup of msconfig and I don't know how to get rid of them.

Logfile of HijackThis v1.97.7
Scan saved at 8:56:09 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: @msdxmLC.dll,-4@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

· Registered
Joined
·
4,733 Posts
It looks at least 200% better :up:

Here are two entries that really aren't necessary and are regarded by some as spyware.

O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs

ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware.

O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystra

Software from SupportSoft (aka Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline Support Agent)) that allows them to offer on-line support - to update drivers, fix faults, etc. Can cause a deterioration in a PC's performance (see here). This part does the protection and "self-healing". Uninstallation is recommended by most people - especially for System Restore users (WinME/XP). If not available via Add/Remove, Charter offer some uninstallation instructions involving a registry patch that you may be able to modify for your provider or try here

This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox. Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. "tgcmdprovidersbc" is for SBC Yahoo DSL
 

· Registered
Joined
·
4,733 Posts
Also, use the restore function in HJT to put this line back in.

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

I wish I had seen that post earlier than I did.
 

· Super Moderator
Joined
·
44,654 Posts
First Name -
James
REGCLEANER may be able to help you remove the listing of those old ones in MSCONFIG.

Nitehawk, my bad for missing information under that O4: ScanRegistry. I was on a Mac and for some dumb reason wasn't typing. There have been a few files like that one, but the one you have was not (should not) the bad file. Again, my bad. I need to stop using the Mac... :(
 