diamondsoul

Explorer errors

15 posts in this topic

Explorer has caused an error in IEFRARED.DLL Explorer will now close.

 

I know I have malware and was slowly trying to clear it out of the system with Adaware, CWS, and virus scans. I grabbed BHO and Spyware Blaster while I was at it and before installing those the error quoted above read "Explorer has caused an error in <unknown>". Now I have a file name but I have no clue what's causing the problem. It also comes up in Safe Mode and I can't use ALT CTRL DEL to shut down unnecessary programs without killing Explorer first. Hijack This log follows-

 

Logfile of HijackThis v1.97.7

Scan saved at 11:55:22 AM, on 6/30/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNEW\SYSTEM\KERNEL32.DLL

C:\WINNEW\SYSTEM\MSGSRV32.EXE

C:\WINNEW\SYSTEM\mmtask.tsk

C:\WINNEW\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINNEW\EXPLORER.EXE

C:\WINNEW\RUNDLL32.EXE

C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE

C:\WINNEW\TASKMON.EXE

C:\WINNEW\SYSTEM\SYSTRAY.EXE

C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE

C:\WINNEW\SYSTEM\HPZTSB06.EXE

C:\WINNEW\LOADQM.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\WINNEW\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\WINNEW\SYSTEM32\IPNUT.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE

C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE

C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...//sbc.yahoo.com

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINNEW\SYSUPD.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [iPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe

O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Arkadium (HKLM)

O9 - Extra 'Tools' menuitem: Arkadium (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/ve...n4/dlhelper.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7909.7341550926

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamgame.com/java2/cabs/swing.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH

O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tournamentgames.com/tg/console/...myInetUtils.cab

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB

O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium.com/install/ArkDownloader.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera.com/CommonLib/Ektron3/ewebeditpro3.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v46/bl...x/blockwerx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.1.28...o-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.8.2.19...s-ob-assets.cab

O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/drawpoker...r-ob-assets.cab

O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/b...n-ob-assets.cab

O16 - DPF: Pirate's Gold by pogo - http://solitaire02.pogo.com/applet-5.8.3.2...d-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popf...u-ob-assets.cab

O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet/slots/alibaba-ob-assets.cab

O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab

O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/s...l-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.3.26/...k-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab

O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wor...p-ob-assets.cab

O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.2.19/hold...m-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/popblocker.cab

O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/so...iv/solotriv.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50074/QDow_AS2.cab

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/v45/sk...am/skillgam.cab


I forgot I updated to the newest version of HJT and scanned again- here's the current log-file

 

Logfile of HijackThis v1.98.0

Scan saved at 9:51:57 AM, on 7/1/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNEW\SYSTEM\KERNEL32.DLL

C:\WINNEW\SYSTEM\MSGSRV32.EXE

C:\WINNEW\SYSTEM\SPOOL32.EXE

C:\WINNEW\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINNEW\SYSTEM\mmtask.tsk

C:\WINNEW\EXPLORER.EXE

C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE

C:\WINNEW\RUNDLL32.EXE

C:\WINNEW\TASKMON.EXE

C:\WINNEW\SYSTEM\SYSTRAY.EXE

C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE

C:\WINNEW\SYSTEM\HPZTSB06.EXE

C:\WINNEW\LOADQM.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\WINNEW\SYSTEM32\IPNUT.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE

C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE

C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINNEW\SYSUPD.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [iPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe

O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/ve...n4/dlhelper.cab

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamgame.com/java2/cabs/swing.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH

O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tournamentgames.com/tg/console/...myInetUtils.cab

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB

O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium.com/install/ArkDownloader.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera.com/CommonLib/Ektron3/ewebeditpro3.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v46/bl...x/blockwerx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.1.28...o-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.8.2.19...s-ob-assets.cab

O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/drawpoker...r-ob-assets.cab

O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/b...n-ob-assets.cab

O16 - DPF: Pirate's Gold by pogo - http://solitaire02.pogo.com/applet-5.8.3.2...d-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popf...u-ob-assets.cab

O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet/slots/alibaba-ob-assets.cab

O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab

O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/s...l-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.3.26/...k-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab

O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wor...p-ob-assets.cab

O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.2.19/hold...m-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/popblocker.cab

O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/so...iv/solotriv.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50074/QDow_AS2.cab

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/v45/sk...am/skillgam.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL


Bumping so I can post a new log shortly.

 

I updated CWS Shredder and ran it, ran Trojan Hunter twice (it found and removed one Trojan) and now am running RAV online virus scan (so far it's managed to find several other Trojans! :gasp: ) and then BitDefender's online scan since I can't seem to get Housecall to work.


Hi diamondsoul,

 

You have the Look2Me parasite here.

 

But first, since you have an inordinate number of Active-X controls, we'll take them all out using hijackthis. These entries represent those dialog boxes that popup when you go to those game sites asking you "Yes" or "No". When and if you go to these sites or if you have game sites you go to on a regular basis, you will be prompted to install these Active-X controls again.

 

Run hijackthis again, click Scan. Check the boxes next to these entries. Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

 

O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/ve...n4/dlhelper.cab

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamgame.com/java2/cabs/swing.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH

O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} (CacheUtils Class) - https://www.tournamentgames.com/tg/console/...myInetUtils.cab

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB

O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.arkadium.com/install/ArkDownloader.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} (eWebEditProLibCtl3.eWebEditPro) - https://www.kintera.com/CommonLib/Ektron3/ewebeditpro3.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v46/bl...x/blockwerx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.1.28...o-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.8.2.19...s-ob-assets.cab

O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/drawpoker...r-ob-assets.cab

O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/b...n-ob-assets.cab

O16 - DPF: Pirate's Gold by pogo - http://solitaire02.pogo.com/applet-5.8.3.2...d-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popf...u-ob-assets.cab

O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet/slots/alibaba-ob-assets.cab

O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab

O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/s...l-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.3.26/...k-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab

O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wor...p-ob-assets.cab

O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.2.19/hold...m-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/popblocker.cab

O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/so...iv/solotriv.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50074/QDow_AS2.cab

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/v45/sk...am/skillgam.cab

 

Now, let's deal with this Look2Me parasite. Go here and download this file:

http://www.downloads.subratam.org/VX2Finder9x.exe

 

Save it to your desktop and run it. Click Make Log and paste the log back here along with an updated hijackthis log.


Ok, cleaned out all activeX controls and ran the program you directed me to- here's what it found :gasp:

 

(If I'm supposed to get a Notepad window with a log like we do from HJT, it didn't work that way; I just wanted to let you know in case this isn't the kind of log you were looking for.)

 

Files Found---

C:\WINNEW\SYSTEM\CqCFG32.DLL

C:\WINNEW\SYSTEM\HeTPLUG.DLL

C:\WINNEW\SYSTEM\HrTPLUG.DLL

C:\WINNEW\SYSTEM\HvTPLUG.DLL

C:\WINNEW\SYSTEM\IaSETUP.DLL

C:\WINNEW\SYSTEM\IbSETUP.DLL

C:\WINNEW\SYSTEM\IeFRARED.DLL

C:\WINNEW\SYSTEM\IpFRARED.DLL

C:\WINNEW\SYSTEM\IrSETUP.DLL

C:\WINNEW\SYSTEM\IsFRARED.DLL

C:\WINNEW\SYSTEM\IxFRARED.DLL

C:\WINNEW\SYSTEM\IyFRARED.DLL

C:\WINNEW\SYSTEM\MqLOCUSR.DLL

C:\WINNEW\SYSTEM\RjCLTC5.DLL

C:\WINNEW\SYSTEM\RoCLTS5.DLL

C:\WINNEW\SYSTEM\UgBUI.DLL

C:\WINNEW\SYSTEM\UmBUI.DLL

C:\WINNEW\SYSTEM\UtBUI.DLL

C:\WINNEW\SYSTEM\VtWWDM32.DLL

C:\WINNEW\SYSTEM\WbNG.DLL

C:\WINNEW\SYSTEM\WsNG.DLL

C:\WINNEW\SYSTEM\WuNG.DLL

 

 

User Agent String---

{DD6D7DC5-44DD-4E1D-90ED-7E7675853E64}

 

Note that IeFRARED.DLL is the file named in the error message.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:34:35 PM, on 7/1/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNEW\SYSTEM\KERNEL32.DLL

C:\WINNEW\SYSTEM\MSGSRV32.EXE

C:\WINNEW\SYSTEM\SPOOL32.EXE

C:\WINNEW\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINNEW\SYSTEM\mmtask.tsk

C:\WINNEW\EXPLORER.EXE

C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE

C:\WINNEW\RUNDLL32.EXE

C:\WINNEW\TASKMON.EXE

C:\WINNEW\SYSTEM\SYSTRAY.EXE

C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE

C:\WINNEW\SYSTEM\HPZTSB06.EXE

C:\WINNEW\LOADQM.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\WINNEW\SYSTEM32\IPNUT.EXE

C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE

C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\WINNEW\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

C:\WINNEW\SYSTEM\DDHELP.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINNEW\SYSUPD.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [iPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe

O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL


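The Vx2Finder output above is worth a closer look before anything is deleted: every file is a capital-plus-lowercase prefix glued to an upper-case stem ("Ie" + "FRARED"), and the same stem shows up under several different prefixes. The script below is an added example, not code from the thread or from Vx2Finder. It parses that log (embedded here as a constructed sample, copied from the post), groups the file names by stem once the two-letter prefix is stripped, and looks up the module named in the Explorer error dialog. The prefix pattern is an assumption read off the names in this particular log, not a documented Look2Me signature, so treat the clusters as a triage hint, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: the "Files Found" / "User Agent String" sections as
# Vx2Finder printed them in the post above (paths copied from that log).
VX2_LOG = r"""
Files Found---
C:\WINNEW\SYSTEM\CqCFG32.DLL
C:\WINNEW\SYSTEM\HeTPLUG.DLL
C:\WINNEW\SYSTEM\HrTPLUG.DLL
C:\WINNEW\SYSTEM\HvTPLUG.DLL
C:\WINNEW\SYSTEM\IaSETUP.DLL
C:\WINNEW\SYSTEM\IbSETUP.DLL
C:\WINNEW\SYSTEM\IeFRARED.DLL
C:\WINNEW\SYSTEM\IpFRARED.DLL
C:\WINNEW\SYSTEM\IrSETUP.DLL
C:\WINNEW\SYSTEM\IsFRARED.DLL
C:\WINNEW\SYSTEM\IxFRARED.DLL
C:\WINNEW\SYSTEM\IyFRARED.DLL
C:\WINNEW\SYSTEM\MqLOCUSR.DLL
C:\WINNEW\SYSTEM\RjCLTC5.DLL
C:\WINNEW\SYSTEM\RoCLTS5.DLL
C:\WINNEW\SYSTEM\UgBUI.DLL
C:\WINNEW\SYSTEM\UmBUI.DLL
C:\WINNEW\SYSTEM\UtBUI.DLL
C:\WINNEW\SYSTEM\VtWWDM32.DLL
C:\WINNEW\SYSTEM\WbNG.DLL
C:\WINNEW\SYSTEM\WsNG.DLL
C:\WINNEW\SYSTEM\WuNG.DLL

User Agent String---
{DD6D7DC5-44DD-4E1D-90ED-7E7675853E64}
"""

# Assumption (derived from the names in this log, not a documented signature):
# capital letter + lowercase letter + upper-case stem, e.g. "Ie" + "FRARED".
NAME_RE = re.compile(r"^[A-Z][a-z](?P<stem>[A-Z0-9]+)\.DLL$")


def parse_vx2_log(text):
    """Split Vx2Finder output into {section name: [lines]} on 'Name---' headers."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("---"):
            current = line[:-3].strip()
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def cluster_by_stem(paths):
    """Group paths whose names share a stem once the two-letter prefix is removed."""
    clusters = defaultdict(list)
    for path in paths:
        m = NAME_RE.match(basename(path))
        if m:
            clusters[m["stem"]].append(path)
    return dict(clusters)


def suspicious_clusters(paths, min_size=2):
    """Stems seen under several random prefixes: the strongest signal in this log."""
    return {s: ps for s, ps in cluster_by_stem(paths).items() if len(ps) >= min_size}


def find_module(paths, module_name):
    """Case-insensitive lookup of the module named in the Explorer error dialog."""
    wanted = module_name.upper()
    return [p for p in paths if basename(p).upper() == wanted]


if __name__ == "__main__":
    sections = parse_vx2_log(VX2_LOG)
    files = sections["Files Found"]
    for stem, members in sorted(suspicious_clusters(files).items()):
        print(f"{stem:8} x{len(members)}: {', '.join(basename(p) for p in members)}")
    print("error-dialog module:", find_module(files, "IEFRARED.DLL"))
    print("user agent string(s):", sections.get("User Agent String"))
```

Five stems (FRARED, TPLUG, SETUP, BUI, NG) account for 17 of the 22 files; the remaining five are single-prefix names that the clustering alone cannot vouch for, which is exactly the kind of file a tool like Vx2Finder identifies by content rather than by name.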

Bumping for early-morning help...

 

Hey guys, you know it's bad when you have dreams about cleaning spyware out of your system! :rofl::weee:


Hi diamondsoul,

 

Yes, that is the log we are looking for.

 

Run Vx2Finder again, select the files and delete them all (your desktop will temporarily disappear. That is supposed to happen so don't panic) :)

 

Next, click the User Agent$ button which will remove the User Agent String in the registry. Finally, click the Look2Me.reg button which should fix the Double Quicklaunch toolbar.

 

Then run hijackthis again, click Scan. Check the boxes next to these entries (if they are there). Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

 

Now run vx2finder again and post a new log along with an updated hijackthis log.

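The four entries the reply above tells HijackThis to fix share one mechanism: the hosts file points names that Internet Explorer resolves on its own (auto.search.msn.com, search.netscape.com, ieautosearch) at a single public address, and the start page has been swapped for a site the user never chose. The script below is an added example, not part of the thread or of HijackThis. It runs that logic over the log lines from the post, embedded as a constructed sample together with two benign hosts entries (a loopback ad-block line and a LAN name) that should not be flagged. The set of search names and the start-page allowlist are assumptions for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: the R0/O1 lines from the log above plus two benign
# hosts entries (loopback block list entry, private LAN name) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O1 - Hosts: 192.168.1.20 fileserver
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.+)$")

# Names IE resolves itself for address-bar searches and failed lookups.
# A hosts entry for one of these is a hijack unless it points at loopback.
SEARCH_NAMES = {"auto.search.msn.com", "search.netscape.com", "ieautosearch"}
# Assumption: the start/search pages this user actually chose.
START_PAGE_ALLOWLIST = {"www.msn.com", "www.google.com"}


def analyze(log_text):
    findings, targets = [], defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            try:
                ip = ip_address(m["ip"])
            except ValueError:
                findings.append({"line": line, "severity": "medium",
                                 "reason": f"unparsable address {m['ip']!r}"})
                continue
            host = m["host"].lower()
            if ip.is_loopback or ip.is_unspecified:
                continue                      # blocking entry, not a redirect
            targets[str(ip)].append(host)
            severity = "high" if host in SEARCH_NAMES or ip.is_global else "low"
            findings.append({"line": line, "severity": severity,
                             "reason": f"hosts file sends {host} to {ip}"})
            continue
        m = R_RE.match(line)
        if m:
            value = m["value"].strip()
            host = (urlparse(value).hostname or "").lower()
            if value.lower() != "about:blank" and host not in START_PAGE_ALLOWLIST:
                findings.append({"line": line, "severity": "medium",
                                 "reason": f"{m['name'].strip()} is {value}"})
    for ip, hosts in targets.items():
        if len(hosts) > 1:                    # one address collecting many names
            findings.append({"line": None, "severity": "high",
                             "reason": f"{len(hosts)} names redirected to {ip}: "
                                       + ", ".join(hosts)})
    return findings


def lines_to_fix(findings):
    """The log lines to tick in HijackThis before clicking 'Fix checked'."""
    return [f["line"] for f in findings
            if f["line"] and f["severity"] in ("high", "medium")]


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']:6}] {f['reason']}")
    print("\n".join(lines_to_fix(found)))
```

On the sample, lines_to_fix returns exactly the four entries listed in the reply; the loopback entry is skipped and the LAN name is reported only as low severity.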

Ok, OSC, I cheated and went ahead and deleted the pesky error-message file, IeFRARED.

 

I know I probably shouldn't have, but not having access to Task Manager was driving me buggy. So far no errors on reboot, so I'll edit to show the new Vx2Finder and HJT logs in just a sec.


Running Vx2Finder and removing all the logged entries left me with no response from the program when I hit the User Agent$ button.

 

The current Vx2Finder log is empty; no files are listed under either heading.

 

Current HJT log follows. (Blinks... didn't we just wipe the ActiveX files?! Wha' happened?!)

 

Logfile of HijackThis v1.98.0

Scan saved at 12:47:17 PM, on 7/2/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNEW\SYSTEM\KERNEL32.DLL

C:\WINNEW\SYSTEM\MSGSRV32.EXE

C:\WINNEW\SYSTEM\SPOOL32.EXE

C:\WINNEW\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINNEW\SYSTEM\mmtask.tsk

C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE

C:\WINNEW\EXPLORER.EXE

C:\WINNEW\TASKMON.EXE

C:\WINNEW\SYSTEM\SYSTRAY.EXE

C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE

C:\WINNEW\SYSTEM\HPZTSB06.EXE

C:\WINNEW\LOADQM.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\WINNEW\SYSTEM32\IPNUT.EXE

C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE

C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

 

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINNEW\SYSUPD.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [iPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe

O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} - http://skill.skilljam.com/ssp/SSP.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/ve...n4/dlhelper.cab

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} - http://igweb04.iamgame.com/java2/cabs/swing.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH

O16 - DPF: {6CEE8563-CA62-4F56-AD89-48EC7B72B8AA} - https://www.tournamentgames.com/tg/console/...myInetUtils.cab

O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB

O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} - http://www.arkadium.com/install/ArkDownloader.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab

O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} - http://www.mgisoft.com/ActiveX/LPControl.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab

O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} - http://mirror.worldwinner.com/games/shared/dephlp.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - http://mirror.worldwinner.com/games/v42/br...ut/brickout.cab

O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab

O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} - http://mirror.worldwinner.com/games/v42/shape/shape.cab

O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://mirror.worldwinner.com/games/v44/sol/sol.cab

O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab

O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} - http://mirror.worldwinner.com/games/v47/co...se/collapse.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - http://mirror.worldwinner.com/games/v44/wo...be/wordcube.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://mirror.worldwinner.com/games/v49/bj...ck/bjattack.cab

O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} - http://mirror.worldwinner.com/games/v40/focus/focus.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab

O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - http://mirror.worldwinner.com/games/v40/ti...ty/tilecity.cab

O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} - https://www.kintera.com/CommonLib/Ektron3/ewebeditpro3.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} - http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://mirror.worldwinner.com/games/v46/bl...x/blockwerx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.1.28...o-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.8.2.19...s-ob-assets.cab

O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet/drawpoker...r-ob-assets.cab

O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet/backgammon/b...n-ob-assets.cab

O16 - DPF: Pirate's Gold by pogo - http://solitaire02.pogo.com/applet-5.8.3.2...d-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popf...u-ob-assets.cab

O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet/slots/alibaba-ob-assets.cab

O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab

O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/s...l-ob-assets.cab

O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.3.26/...k-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab

O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wor...p-ob-assets.cab

O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: Texas Hold'em Poker by pogo - http://game2.pogo.com/applet-5.8.2.19/hold...m-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/popblocker.cab

O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} - http://mirror.worldwinner.com/games/v43/so...iv/solotriv.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50074/QDow_AS2.cab

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - http://mirror.worldwinner.com/games/v45/sk...am/skillgam.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL


NOTE: I was helped in the chat room. I'm going to clean the O16s again and post a new log. Also, the computer is clean of Look2Me.


New HJT log. Any idea what those last two items are? AUHook: I don't remember seeing that on previous logs (before these recent problems), and I don't recognize it.

 

Logfile of HijackThis v1.98.0

Scan saved at 6:39:11 AM, on 7/3/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNEW\SYSTEM\KERNEL32.DLL

C:\WINNEW\SYSTEM\MSGSRV32.EXE

C:\WINNEW\SYSTEM\SPOOL32.EXE

C:\WINNEW\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINNEW\SYSTEM\mmtask.tsk

C:\WINNEW\SYSTEM\RESTORE\STMGR.EXE

C:\WINNEW\EXPLORER.EXE

C:\WINNEW\TASKMON.EXE

C:\WINNEW\SYSTEM\SYSTRAY.EXE

C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\AHQTB.EXE

C:\WINNEW\SYSTEM\HPZTSB06.EXE

C:\WINNEW\LOADQM.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE

C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE

C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE

C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE

C:\WINNEW\SYSTEM32\IPNUT.EXE

C:\WINNEW\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\WINNEW\WUAUCLT.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE

 

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINNEW\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGOLD\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNEW\SYSTEM\hpztsb06.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINNEW\SYSUPD.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [iPNUT] C:\WINNEW\SYSTEM32\IPNUT.EXE

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINNEW\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBPCI512\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\ShareDLL\AHQ\CTAutoEA.ahq" 0

O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2.0\BHODemon.exe

O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL


Hi diamondsoul,

 

Sorry for the delay in responding. Haven't been near a computer for a few days. :evilgrin: Was having withdrawals. :D

 

Anyway, are these the items you are talking about:

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINNEW\SYSTEM\AUHOOK.DLL

 

If so, and you are sure you don't need or want this program, check Add/Remove Programs and look for Arkadium. If it's there, uninstall it. Then fix these 2 with hijackthis (again, only if you are sure you don't use/need this program):

O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe

 

As for the last one, leave that one alone as it is a critical operating system file. :!:

 

The rest of your log is clean. :) Here's some reading for prevention.

 

Protection - download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

And also see "So how did I get infected in the first place?"

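The two prevention tools recommended above work through plain registry settings, and it helps to see them spelled out. Blocking an ActiveX control means setting its "kill bit": a Compatibility Flags value of 0x400 under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, after which IE will not instantiate that CLSID no matter which .cab offers it. Putting a site in the Restricted zone means a value of 4 (zone number for Restricted sites) under the user's ZoneMap\Domains key. The script below is an added example, not code from SpywareBlaster, IE-SPYAD or the thread; it builds a .reg file that applies both settings. The CLSID and domains in it are constructed placeholders, not entries from the logs above, and the REGEDIT4 header is the form Windows 9x/ME regedit accepts.

```python
import re

# Kill bit: IE will not instantiate a control whose CLSID carries this flag.
KILL_BIT = 0x400
# URL security zones: 0 local machine, 1 intranet, 2 trusted, 3 internet, 4 restricted.
ZONE_RESTRICTED = 4

CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
DOMAIN_RE = re.compile(
    r"^(?!-)[A-Z0-9-]{1,63}(?<!-)(\.(?!-)[A-Z0-9-]{1,63}(?<!-))+$", re.I)

KILLBIT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
               r"\ActiveX Compatibility")
ZONEMAP_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")


def dword(value):
    """REG_DWORD in .reg syntax: 8 hex digits."""
    return f"dword:{value:08x}"


def killbit_entries(clsids):
    out = []
    for clsid in clsids:
        if not CLSID_RE.match(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        out.append(f"[{KILLBIT_KEY}\\{clsid.upper()}]\n"
                   f"\"Compatibility Flags\"={dword(KILL_BIT)}\n")
    return out


def restricted_zone_entries(domains):
    out = []
    for domain in domains:
        if not DOMAIN_RE.match(domain):
            raise ValueError(f"not a domain: {domain!r}")
        # "*" applies to every scheme; keying the bare domain covers all its hosts.
        out.append(f"[{ZONEMAP_KEY}\\{domain.lower()}]\n"
                   f"\"*\"={dword(ZONE_RESTRICTED)}\n")
    return out


def build_reg(clsids=(), domains=()):
    """Assemble a .reg file. REGEDIT4 is the header Win9x/ME regedit expects."""
    body = killbit_entries(clsids) + restricted_zone_entries(domains)
    return "REGEDIT4\n\n" + "\n".join(body)


if __name__ == "__main__":
    # Constructed placeholders: not CLSIDs or sites taken from the logs above.
    print(build_reg(clsids=["{12345678-1234-1234-1234-123456789abc}"],
                    domains=["badsite.example", "tracker.example"]))
```

Both settings are plain data, which is why these tools can be run once and then only refreshed for new entries: nothing stays resident, and the same keys can be inspected afterwards to confirm what was applied.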