ConfusedMonkey

HELP!

60 posts in this topic

I have noticed a lot of different spywares on my computer and some like a free travel voucher icon keeps coming up. I also noticed id53.exe and fnuninstaller.exe and don't know what to do with these. There is also Windows SR 2.0 and none of these are removable by going to control panel add/remove programs. Also under the add/remove programs list there is stuff like URL display, Lycos search engine and more that won't uninstall. Please help. Plus there is the HijackThis log too....

 

Logfile of HijackThis v1.97.7

Scan saved at 5:51:51 PM, on 7/10/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\LIVEUPDATE\LIVEUPDATE.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - SOFTWARE - (no file)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O4 - Startup: PowerReg SchedulerV2.exe

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.ca

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab


Please help, I don't know anything about what HijackThis is listing and am even having troubles shutting down my computer. I am also getting error stating that Windows System is not responding.


Hi,

Close all open windows, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

O4 - Startup: PowerReg SchedulerV2.exe

 

Then reboot, on restart, restart in Ms-Dos Mode

 

From C:\> (type and press Enter after each command)

 

cd\windows

smartdrv

deltree tempor~1

deltree history

deltree temp

cd\windows\system\fonts\system\explorer

deltree mru

 

 

Restart (Ctrl-Alt-Del)

 

Upon restart ... Download Ad-Aware

 

After installing Ad-Aware, and before running the program.

 

Update Ad-aware's Reference File: instructions here

 

Required Step: Reconfigure Ad-Aware for Full Scan

 

Important! Your system is severely out of date!

Visit Windows Update and install all the "Critical Updates"

 

After the above, reboot, rescan with HijackThis and post a fresh log ...


When restarting in Ms-dos mode it said

C:\windows\

 

so I just continued and typed in each command but after the deltree ones it asks if I want to delete & all subdirectories (y/n), yes or no?

Also, when I type in cd\windows\system\fonts\system\explorer and then press enter and deltree mru it follows up with C:\windows\system\fonts\system\explorer\deltree mru and asks whether I want to delete and all subdirectories, yes or no?

 

Please Help!

P.S. I have Ad-Aware 6.0 do I need to re-download?

 

*Edit: Updated and reconfigured Ad-Aware for Full Scan and Updated and Installed All Critical Updates (Hopefully those are free). Just patiently awaiting answers.

Edited by ConfusedMonkey


C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

PowerReg SchedulerV2.exe

 

show up with check marks next to them on msconfig's startup. Also my task scheduler is back and I was wondering if I uncheck mmtask.exe to get rid of it from my taskbar. Thanks.

Edited by ConfusedMonkey


Hi,

"after the deltree ones it asks if I want to delete & all subdirectories"
That's normal for the prompt from Windows for "deltree", just press "Y" and continue for each prompt. Yes you want to delete all the "subdirectories".

 

Note: the reason you have to do this in DOS mode is Windows hides from view any other files\folders for "Windows\Fonts". Those "subdirectories" should not exist there, but that's why these culprits use those locations = to hide them from your view.

 

"show up with check marks next to them on msconfig's startup."

Those 2 items will be removed from Msconfig via HijackThis, when you select those 2 entries for removal. (see my previous post)

 

"Also my task scheduler is back"
Back from where? Was it missing? It only runs when you have assigned a specific task to run at a specific time. Otherwise it does not show up. This may have reappeared from updating your browser and the (check for) "Windows Update" is now a scheduled task.

Disable via Control Panel | Scheduled Tasks | Advanced

[more info]

Q195933 - Cannot Disable Task Scheduler

http://support.microsoft.com/?id=195933

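The check done by eye in the posts above (pick out the suspect lines, then confirm in the next log that they are gone), as an added Python example that is not part of the original thread or of HijackThis. The two flagging rules and all function names are assumptions of this example; the sample lines are copied from the fix list and the logs posted in this thread.

```python
import re

# "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# A path that continues below a directory named "fonts".
FONTS_SUBDIR_RE = re.compile(r"\\fonts\\[^\\]+\\", re.IGNORECASE)

# Lines selected for "Fix checked" (copied from the thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - Startup: PowerReg SchedulerV2.exe
"""

# Excerpt of the log saved at 10:50:12 AM on 7/12/04 (from the thread).
LOG_1050 = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
"""

# Excerpt of the log saved at 10:54:13 AM on 7/12/04 (from the thread).
LOG_1054 = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
"""


def parse_entries(log_text):
    """Return (section, detail) for every R*/O* line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    """Comparison key: case-insensitive, whitespace-collapsed."""
    section, detail = entry
    return section, " ".join(detail.lower().split())


def triage(entries):
    """Apply two heuristics (assumptions of this example) and return flagged entries."""
    findings = []
    for section, detail in entries:
        if section == "O4" and FONTS_SUBDIR_RE.search(detail):
            findings.append((section, detail, "autorun from a subdirectory of a fonts folder"))
        elif detail.endswith("(no file)"):
            findings.append((section, detail, "registry entry references a missing file"))
    return findings


def still_present(fix_list_text, later_log_text):
    """Return the fix-list entries that a later log still contains."""
    later = {_key(entry) for entry in parse_entries(later_log_text)}
    return [entry for entry in parse_entries(fix_list_text) if _key(entry) in later]


if __name__ == "__main__":
    for section, detail, reason in triage(parse_entries(LOG_1050)):
        print(f"[flag] {section}: {detail}\n       -> {reason}")
    for label, log in (("10:50", LOG_1050), ("10:54", LOG_1054)):
        for section, detail in still_present(FIX_LIST, log):
            print(f"[{label}] still present: {section} - {detail}")
```
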

Logfile of HijackThis v1.97.7

Scan saved at 10:50:12 AM, on 7/12/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8179.9264351852

 

 

Then I continued to remove (again) the 2 that were previously listed and this is the log after...

Logfile of HijackThis v1.97.7

Scan saved at 10:54:13 AM, on 7/12/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8179.9264351852

 

Please note one of the bolded selections is still present after 2 attempts.

P.S. The task scheduler had reappeared in my taskbar and I removed it from my taskbar by going to msconfig and removing the check next to mmtask.exe. There are also numerous backup copies of the task scheduler and I am not sure whether to keep them or delete them. Also, I did not understand how to disable the live update. Thanks.


Also, once I began having problems with spyware a numerous amount of icons started appearing in my folders (C:\windows and just C:\). If requested I can make screen caps of the icons or type in the name given to the files. Thanks for your help. :)


Hi,

"Please note one of the bolded selections is still present after 2 attempts."
Download: RepairDefaultPrefix.reg

http://www.mvps.org/winhelp2002/unwanted.htm

To use: Right-click and select: Merge, Ok the prompt and reboot.

 

"numerous amount of icons started appearing in my folders (C:\windows and just C:\)."
Can't you just delete those items? Does Ad-Aware detect those items? As they are not showing up in your log ...


Logfile of HijackThis v1.97.7

Scan saved at 6:43:20 PM, on 7/12/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8179.9264351852

 

 

Should I try to delete it again?

For the other programs that have appeared... So far I have run Ad-Aware and Spybot and these files do not seem to go away. Also, I have seen new files being added to the add/remove programs box in the control panel. I can delete them but I don't know what is needed and what is spyware. Thanks for the help. :)

Edited by ConfusedMonkey


Hi,

That reg file (RepairDefaultPrefix.reg) should have reset that entry.

Looks like you are going to have to fix this manually.

 

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

 

Start | Run (type) regedit

Navigate to the following location:

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

 

In the right pane, right-click on the below entry and select: Rename

 

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_

 

Backspace out the "_" at the end of the entry. Close Regedit.

 

Also, I have seen new files being added to the add/remove programs box

Open SpyBot, click "+Tools", click "Uninstall info"

Click Export (right pane), this will create a text file (SpybotSD.Uninstall report.txt) of

the entries in Add Remove. Paste that info into your next post.

 

Just an update... I did try to delete the file again and it won't delete.

You tried to delete what file?

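The check made by eye on the R3 line above, and the rename-or-delete decision the thread reaches in the later replies, as an added example (not code from the thread or from HijackThis). The function names are hypothetical, the sample lines are copied from the logs posted in this thread, and the script only reads text; it never touches the registry.

```python
import re

# A CLSID in registry form: {8-4-4-4-12 hex digits}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
R3_RE = re.compile(
    r"^URLSearchHook: (?P<name>.*?) - (?P<value>\{.*?\}\S*) - (?P<file>.+)$"
)
SPLIT_RE = re.compile(r"^(?P<guid>" + GUID + r")(?P<extra>.*)$")

# Sample input: result lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""


def parse_entries(log_text):
    """Return (section_code, body) pairs for every result line in the log.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def check_search_hooks(log_text):
    """Flag R3 (URLSearchHook) lines whose value name is not a clean CLSID
    or for which HijackThis could not resolve a file."""
    findings = []
    for code, body in parse_entries(log_text):
        if code != "R3":
            continue
        m = R3_RE.match(body)
        if not m:
            findings.append({"value": body, "issues": ["unparsed R3 line"]})
            continue
        value = m.group("value")
        issues = []
        s = SPLIT_RE.match(value)
        if s is None:
            issues.append("value name is not a CLSID")
        elif s.group("extra"):
            issues.append("extra characters after CLSID: %r" % s.group("extra"))
        if m.group("file") == "(no file)":
            issues.append("no file resolved for this entry")
        if issues:
            findings.append({"value": value, "issues": issues})
    return findings


def plan_fix(value_names):
    """Given the value names under URLSearchHooks, plan a fix for each
    malformed one, following the steps given in this thread:
    rename to the clean CLSID, or delete the malformed value when the
    clean name already exists (regedit refuses the rename in that case)."""
    present = {n.upper() for n in value_names}
    plan = []
    for name in value_names:
        s = SPLIT_RE.match(name)
        if s is None or not s.group("extra"):
            continue  # well-formed, or not CLSID-shaped at all: leave alone
        clean = s.group("guid")
        if clean.upper() in present:
            plan.append(("delete", name, None))
        else:
            plan.append(("rename", name, clean))
    return plan


if __name__ == "__main__":
    for finding in check_search_hooks(SAMPLE_LOG):
        print(finding["value"], "->", "; ".join(finding["issues"]))
    # Constructed value list: both the clean and the malformed name exist.
    print(plan_fix(["{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
                    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_"]))
```
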

For the first step it says that the name already exists (it is located in the same folder) and to choose another file name.

 

For the second step, I opened spybot - search and destroy (Version 1.2) and can't find "+Tools".


Hi,

Locate: RepairDefaultPrefix.reg

Right-click and select: Merge, Ok the prompt and reboot.

 

search and destroy (Version 1.2) and can't find "+Tools".

Well ... you are using an outdated version ...

Download SpyBot-Search & Destroy 1.3

 

Open SpyBot, click "Search for Updates"

Then run a scan, "fix" everything marked in red and reboot.


I followed the steps listed in the previous post. I tried to rename the file but there is still one file with the exact same name but without the "_". Should I delete one? Thank you for your continuing help. :)

 

P.S. Here is the Spybot Report

 

(DXM_Runtime)

 

(ICW)

 

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)

uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

 

(DirectDrawEx)

 

(IE5BAKEX)

 

(SchedulingAgent)

 

(MobileOptionPack)

 

(MSJavaVM)

 

(MSTASK)

 

(MSWALLET)

 

Microsoft Outlook Express 6 (OutlookExpress)

uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT

 

(AddressBook)

uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

 

Microsoft Web Publishing Wizard 1.6 (WebPost)

uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\windows\INF\wpie5x86.inf,WebPostUninstall

 

(Branding)

 

(fontcore)

 

(IE_EXTRA)

 

NetMeeting 3.01 (NetMeeting)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\msnetmtg.inf,NetMtg.Remove.W95

 

Microsoft FrontPage Express (FrontPageExpress)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\fpxpress.inf, Uninstall

 

(fontsup)

 

(ADIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AD.inf, Uninstall

 

Windows 98 Second Edition Digital Video Update (W98SE.DV.UPD)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\QFE\2427UN.inf, DefaultInstall

 

Easy Access Button Support ({93539D60-1817-11D1-9504-00805F26A89C})

uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst

 

(CPQBezelDeinstKey)

 

Microsoft Works 2000 1.0.0.0000 ({56364334-9530-11D2-BFFC-00C04FA329AA})

version: 16777216

version (major): 1

install date: 5/5/00

install source: C:\appl.zip\wks2000\

uninstall cmd: MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}

publisher: Microsoft Corporation

comments: Microsoft Works 2000 installation.

help link: http://www.microsoft.com

 

Compaq Wizard Host Online v2.6 (Compaq Wizard Host Online)

uninstall cmd: C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu -c"c:\compaq\lutil\ISUninst.dll

 

Compaq Digital Dashboard LED (Digital Dashboard)

uninstall cmd: C:\Program Files\Compaq\Digital Dashboard\uninstall.exe

 

Compaq OOBE Online (Compaq OOBEDeinstKey)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\compaq\oobe\DeIsL1.isu

 

Compaq WebReg v2.6 (Compaq WebReg v2.6)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq WebReg v2.6\Uninst.isu"

 

Compaq WebISP (WebISPDeinstKey)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Compaq\webisp\DeIsL1.isu

 

Compaq IE5 Custom CA v2.6 (Compaq IE5 Custom CA v2.6)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq IE5 Custom CA v2.6\Uninst.isu" -c"C:\Compaq\IE5\IE5_Uninstall.DLL"

 

Netscape Communicator 4.7 (Netscape Communicator 4.7)

uninstall cmd: C:\WINDOWS\cd32.exe 4.7 (en)

 

Compaq Hardware Discovery (Compaq Hardware Discovery)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Hardware Discovery\Uninst.isu"

 

RioPort Audio Manager (Audio Manager)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RioPort\Audio Manager\Uninst.isu" -c"C:\Program Files\RioPort\Audio Manager\Uninst.dll"

 

Compaq Diagnostics for Windows (Compaq Diagnostics for Windows)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\WINDOWS\CPQDIAG\DeIsL1.isu -cC:\WINDOWS\CPQDIAG\_ISREG32.DLL

 

Microsoft Money 2000 Standard (MSMONEYV80)

uninstall cmd: C:\Program Files\Microsoft Money\setup\setup.exe

 

Shockwave (Shockwave)

uninstall cmd: C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\Install.log

 

Microsoft Encarta Encyclopedia 2000 (Encarta Encyclopedia 2000 A)

uninstall cmd: "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall

 

HSP56 MicroModem Drivers (Installing HSP56 MicroModem Drivers)

uninstall cmd: ptuninst.exe

 

(ADAPTECMASTERKEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

 

(ADAPTECCreateCDKEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"

 

(ADAPTECCreatr32KEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

 

Adaptec Easy CD Creator 4 (Adaptec Master Setup)

uninstall cmd: "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS

 

Adaptec DirectCD (DirectCD)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll

 

(Chl99)

 

Access Manager (Access Manager)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Sympatico High Speed Edition\Access Manager\Uninst.isu" -c"C:\SYMPAT~1\ACCESS~1\NTSUninstall.dll"

 

Viewpoint Media Player (ViewpointMediaPlayer)

uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

 

(expinst)

 

(IEREADME)

 

(HTMLHelp)

 

(128PATCH)

 

Foreign Language Advantage 2001 (Foreign Language Advantage 2001)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encore Software\Foreign Language Advantage 2001\Uninst.isu"

 

StudyWorks 2001 (StudyWorks 2001)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MathSoft\StudyWorks 2001\Uninst.isu" -c"C:\Program Files\MathSoft\StudyWorks 2001\uninst.dll

 

ICQ (ICQ)

uninstall cmd: C:\PROGRA~1\ICQ\ICQUninstall.EXE

 

ZipCentral 4.01 4.01 (ZipCentral_is1)

uninstall cmd: "C:\Program Files\ZipCentral\unins000.exe"

publisher: Johan Savås

help link: http://zipcentral.isCool.net

 

QuickTime (QuickTime)

uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log

 

Trellix Web (Trellix2DeinstKey9)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Trellix Web\Uninst.isu"

 

Print Perfect Suite (Print Perfect Suite)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Pperfect\DeIsL1.isu -cC:\Pperfect\_ISREG32.DLL

 

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)

version (major): 5

install location: C:\Program Files\Adobe\Acrobat 5.0

install source: C:\WINDOWS\TEMP\pft9362~TMP\

uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.dll"

publisher: Adobe Systems, Inc.

help link: http://www.adobe.com/prodindex/acrobat/main.html

 

RealOne Player (RealPlayer 6.0)

uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

 

(RealJukebox 1.0)

uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

 

Lexmark Z22-Z32 Series (Lexmark Z22-Z32 Series)

uninstall cmd: LXAEDEL.EXE

 

(ShockwaveFlash)

 

Logitech QuickCam (Logitech QuickCam)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\QuickCam\Uninst.isu"

 

Microsoft NetShow Tools 2.0 (Microsoft NetShow Tools 2.0)

uninstall cmd: C:\Program Files\Microsoft NetShow\Tools\_INSTTOO.EXE /U

 

(Microsoft NetShow Player 2.0)

 

EACOM Game Installer (EACOM Game Installer)

uninstall cmd: C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EACOM\GILS\INSTALL.LOG

 

EA.COM (EA.COM )

uninstall cmd: C:\PROGRA~1\EACOM\UPDATE\UNWISE.EXE C:\PROGRA~1\EACOM\UPDATE\INSTALL.LOG

 

Easy Translator International (Easy Translator International)

uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\TLI\Transcend\DeIsL1.isu"

 

MDL Chime/Chime Pro for Internet Explorer (MDL Chime/Chime Pro for Internet Explorer)

uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\INTERN~1\Plugins\chime26.isu

 

QuickTime for Windows (32-bit) (QuickTime32)

uninstall cmd: C:\WINDOWS\QTW32DEL.EXE

 

Quicktime Browser Plug-In (QuicktimePluginDeinstallKey)

uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Internet Explorer\plugins\npqtw\DeIsL1.isu"

 

Red Swoosh EDN Client (remove only) (RSNet EDN)

uninstall cmd: C:\WINDOWS\RSEDNClientUninstaller.exe

 

Arabic Language Support (ARIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AR.inf, Uninstall

 

Windows Media Player system update (9 Series) (WMP7)

uninstall cmd: C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall

 

(MPlayer2)

 

Norton AntiVirus 2001 (Norton AntiVirus)

uninstall cmd: "C:\WINDOWS\NAVUSTUB.EXE" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton AntiVirus\nav95.isu" -c"C:\Program Files\Norton AntiVirus\NAVINS95.DLL"

 

LiveReg (Symantec Corporation) 2.1.5.1502 (LiveReg)

install location: C:\Program Files\Common Files\Symantec Shared\LiveReg

uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE

publisher: Symantec Corporation

 

Rescue Disk (Norton Rescue)

 

DivX Player 2.1 (DivX Player)

uninstall cmd: C:\Program Files\DivX\DivX Player 2.1\uninstall.bat

 

DivX Codec (DivX Codec)

uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log

 

Paint Shop Pro 7 ESD 7.0.0.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})

version: 117440512

version (major): 7

estimated size: 138767

install date: 20030729

install source: c:\windows\TEMP\_is62F3\

uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

publisher: Jasc Software Inc

comments: Paint Shop Pro 7

help link: http://www.jasc.com

help telephone: 952-930-9171

readme: c:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Readme.doc

 

AOL (Choose which version to remove) (America Online ca)

uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_ca.exe

 

(InstallShield Uninstall Information)

 

Microsoft PowerPoint Viewer 97 (PPTView97)

uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

 

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})

version: 150997664

version (major): 9

estimated size: 549665

install date: 20031106

install source: E:\

uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

publisher: Microsoft Corporation

help link: http://www.microsoft.com/support

readme: c:\Program Files\Microsoft Office\Office\ofread9.txt

 

Japanese Language Support (JAIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall

 

Java 2 SDK, SE v1.4.2 1.4.2 ({35A3A4F4-B792-11D6-A78A-00B0D0142000})

version: 17039362

version (major): 1

version (minor): 4

estimated size: 160768

install date: 20040101

install source: C:\WINDOWS\Local Settings\Application Data\{35A3A4F2-B792-11D6-A78A-00B0D0142000}\

uninstall cmd: MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142000}

publisher: Sun Microsystems, Inc.

comments: no comments

contact: http://java.sun.com

help link: http://java.sun.com

help telephone: http://java.sun.com

 

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)

install location: C:\Program Files\Symantec\LiveUpdate

uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

publisher: Symantec Corporation

 

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)

uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

 

MSN Messenger 6.1 6.1.0211 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600211})

version: 100729043

version (major): 6

version (minor): 1

estimated size: 9636

install date: 20040409

install source: c:\windows\TEMP\IXP000.TMP\

uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}

publisher: Microsoft Corporation

 

Ad-aware 6 Personal 6.0.1.181 Personal (Ad-aware 6 Personal)

uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG

publisher: Lavasoft

help link: http://www.lavahelp.com

 

XviD MPEG-4 Video Codec XviD-1.0-05042004 (XviD_is1)

uninstall cmd: "C:\Program Files\XviD\unins000.exe"

publisher: XviD Team (Koepi)

help link: http://forum.doom9.org/forumdisplay.php?s=&forumid=52

 

Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04 ({7148F0A8-6813-11D6-A77B-00B0D0142040})

version (major): 1

version (minor): 4

estimated size: 221121

install date: 20040612

install source: http://java.sun.com/webapps/download/GetFi...5/windows-i586/

uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}

publisher: Sun Microsystems, Inc.

comments: http://www.java.com

contact: http://www.java.com

help link: http://www.java.com

help telephone: http://www.java.com

readme: Readme.txt

 

WildTangent Web Driver (WildTangent CDA)

uninstall cmd: C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe

 

URL Display (UrlSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f3

 

Context Display (ContextSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f4

 

LookSmart Search (SpiderSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f5

 

RON Display (RonSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f7

 

Lycos Search (MirrorUnder)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f8

 

Relaxing Ocean Screen Saver (Relaxing Ocean)

uninstall cmd: C:\WINDOWS\SYSTEM\Relaxing Ocean.scr /u

 

(IEData)

 

(IE4Data)

 

(VGX)

 

Windows 98 Q823559 Update (Q823559)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\QFE\W98.SE\823559UN.INF

 

Spybot - Search & Destroy 1.3 1.3 (Spybot - Search & Destroy_is1)

uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

publisher: Safer Networking Limited

Edited by ConfusedMonkey


I just rebooted my computer and got an error on startup...

Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

 

Then I went to Start>Run>msconfig>startup and saw a checkmark next to Wild Tangent CDA Rundll32.exe C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll, cdaEngineMain

 

Should I remove the check mark next to Wild Tangent CDA?

 

Also, I noticed that there was something without a checkmark next to it titled Activity Recorder and it said that it was located in C:\Download Files\activity 1\activityrecorder.exe -1

Is this harmful spyware?

P.S. I went to the location it specified and there were no files there by that name (also checked hidden files).

 

Thanks. :)

Edited by ConfusedMonkey


These are the files that I was worried about because they were in my C:\ and C:\Windows and some just began to show up on my computer. I do not know which ones I need and which are to be deleted. Thank you. :)

 

C:\

autoexec.bat

autoexec.nai

autoexec.nav

cmdline.txt

Command.com

Command (Ms-Dos Logo)

Cq_rem.ini

Cq_rstat.ini

Essaudio.com

Essaudio.ini

Frunlog.txt

installer.txt

jswx.log

Jul2002.LOG

log.txt

Netlog.txt

newfile.exe

npdrmv2.zip

npds.zip

o

o.bat

pdoxusrs.net

perform.log

s2vvk2f9

s3vvk2f9.1

s3vvqe3h

scandisk.log

scrcfg.dat

scrhisc.dat

scropt.dat

scrsave.dat

setupxlg.txt

slacode3.txt

slainfo3.txt

travel.ico (appeared on desktop when many spyware problems began to show up)

WINDOWSWinHlp32.BMK

 

C: Folders

.netbeans

bsx32

Cpqdrv

cpqs

GmEmitter

Ncdtree

 

C:\Windows

UnstSA2.exe

 

C:\Download Files\Other

backup-20040712-003933-217

backup-20040712-003933-427

backup-20040712-003933-438

backup-20040712-003933-541

backup-20040712-003933-613

backup-20040712-003933-276

backup-20040712-003933-927

backup-20040712-003933-724

backup-20040712-003933-108

backup-20040712-003933-462

backup-20040712-003933-427-PowerRegSchedulerV2.exe

I just rebooted my computer and got an error on startup...

Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

 

Then I went to Start>Run>msconfig>startup and saw a checkmark next to Wild Tangent CDA Rundll32.exe C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll, cdaEngineMain

 

Should I remove the check mark next to Wild Tangent CDA?

 

Just to update, I removed the checkmark and the error message does not appear at start up anymore so that appears to be okay.

Edited by ConfusedMonkey


Hi,

I tried to rename the file but there is still one file with the exact same name but without the "_". Should I delete one?

No, do not delete the good one; just delete the entry:

 

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_

 

Remove the following via SpyBot > Uninstall info

Highlight then click Delete:

 

Red Swoosh EDN Client (remove only) (RSNet EDN)

uninstall cmd: C:\WINDOWS\RSEDNClientUninstaller.exe

 

URL Display (UrlSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f3

 

Context Display (ContextSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f4

 

LookSmart Search (SpiderSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f5

 

RON Display (RonSidebar)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f7

 

Lycos Search (MirrorUnder)

uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f8

 

I just rebooted my computer and got an error on startup...

Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

I have no idea why you are getting that error, you may need to uninstall WildTangent then reinstall, but do this after you get your machine cleaned up.

 

without a checkmark next to it titled Activity Recorder
I have no idea what that is exactly, but it looks like something you installed to record the activity on your machine.

http://www.google.com/search?q=%22Activity...fe=off&c2coff=1

 

As for the files in question ...

Do not delete at least the following:

autoexec.bat

autoexec.nai

autoexec.nav

Command.com

Command (Ms-Dos Logo)

Cq_rem.ini

Cq_rstat.ini

Essaudio.com

Essaudio.ini

-

I would suggest creating a "C:\Junk" folder and "move" any unknown files there, if nothing complains after about 30 days you can delete them.

 

Note: newfile.exe, o, o.bat =

http://www.computing.net/security/wwwboard/forum/11829.html

 

C:\Windows: UnstSA2.exe = Adware.BlazeFind

http://sarc.com/avcenter/venc/data/pf/adware.blazefind.html

Note: your NAV should have caught that! Is NAV up-to-date and working?

 

How To: Configure Norton AntiVirus to scan all files


Hi, I have the second thought thing on my comp and I don't know what HijackThis is. I can't even shut down my computer now because it says something about windows\system32\command.com (sorry, I can't remember the exact thing) not being able to end. Can someone please help me? Thanks!


Potato,

Please start your own Topic, (click New Topic) then post your HijackThis log there.

See the big red bold instructions at the top of the page ...


Potato,

No problem, it just gets too confusing trying to diagnose different logs in the same topic.


I uninstalled the files listed as instructed and deleted the single registry. Should I delete newfile.exe, o, o.bat and UnstSA2.exe? I configured NAV (2001) and scanned my computer but it did not detect anything. I am currently moving the files into the "Junk" folder.


Hi,

Should I delete newfile.exe, o, o.bat and UnstSA2.exe?
Yes!

 

I configured NAV (2001) and scanned my computer but it did not detect anything.
That's odd it should have ... hmm ... "NAV (2001)" <--you may need to update that to a more current version?

 

Looks like you should be all set now ... :wave:


I deleted the files and I located a folder in the C:\Windows called Kdx and winsxs. Are these spyware or are they programs? Here is my updated HijackThis log. Thank you very much for your continuing help. :)

 

Logfile of HijackThis v1.97.7

Scan saved at 5:14:13 PM, on 7/16/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8179.9264351852


Also, this is my spybot uninstall info log... :)

 

(DXM_Runtime)

 

(ICW)

 

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)

uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

 

(DirectDrawEx)

 

(IE5BAKEX)

 

(SchedulingAgent)

 

(MobileOptionPack)

 

(MSJavaVM)

 

(MSTASK)

 

(MSWALLET)

 

Microsoft Outlook Express 6 (OutlookExpress)

uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT

 

(AddressBook)

uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

 

Microsoft Web Publishing Wizard 1.6 (WebPost)

uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\windows\INF\wpie5x86.inf,WebPostUninstall

 

(Branding)

 

(fontcore)

 

(IE_EXTRA)

 

NetMeeting 3.01 (NetMeeting)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\msnetmtg.inf,NetMtg.Remove.W95

 

Microsoft FrontPage Express (FrontPageExpress)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\fpxpress.inf, Uninstall

 

(fontsup)

 

(ADIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AD.inf, Uninstall

 

Windows 98 Second Edition Digital Video Update (W98SE.DV.UPD)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\QFE\2427UN.inf, DefaultInstall

 

Easy Access Button Support ({93539D60-1817-11D1-9504-00805F26A89C})

uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst

 

(CPQBezelDeinstKey)

 

Microsoft Works 2000 1.0.0.0000 ({56364334-9530-11D2-BFFC-00C04FA329AA})

version: 16777216

version (major): 1

install date: 5/5/00

install source: C:\appl.zip\wks2000\

uninstall cmd: MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}

publisher: Microsoft Corporation

comments: Microsoft Works 2000 installation.

help link: http://www.microsoft.com

 

Compaq Wizard Host Online v2.6 (Compaq Wizard Host Online)

uninstall cmd: C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu -c"c:\compaq\lutil\ISUninst.dll

 

Compaq Digital Dashboard LED (Digital Dashboard)

uninstall cmd: C:\Program Files\Compaq\Digital Dashboard\uninstall.exe

 

Compaq OOBE Online (Compaq OOBEDeinstKey)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\compaq\oobe\DeIsL1.isu

 

Compaq WebReg v2.6 (Compaq WebReg v2.6)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq WebReg v2.6\Uninst.isu"

 

Compaq WebISP (WebISPDeinstKey)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Compaq\webisp\DeIsL1.isu

 

Compaq IE5 Custom CA v2.6 (Compaq IE5 Custom CA v2.6)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq IE5 Custom CA v2.6\Uninst.isu" -c"C:\Compaq\IE5\IE5_Uninstall.DLL"

 

Netscape Communicator 4.7 (Netscape Communicator 4.7)

uninstall cmd: C:\WINDOWS\cd32.exe 4.7 (en)

 

Compaq Hardware Discovery (Compaq Hardware Discovery)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Hardware Discovery\Uninst.isu"

 

RioPort Audio Manager (Audio Manager)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RioPort\Audio Manager\Uninst.isu" -c"C:\Program Files\RioPort\Audio Manager\Uninst.dll"

 

Compaq Diagnostics for Windows (Compaq Diagnostics for Windows)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\WINDOWS\CPQDIAG\DeIsL1.isu -cC:\WINDOWS\CPQDIAG\_ISREG32.DLL

 

Microsoft Money 2000 Standard (MSMONEYV80)

uninstall cmd: C:\Program Files\Microsoft Money\setup\setup.exe

 

Shockwave (Shockwave)

uninstall cmd: C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\Install.log

 

Microsoft Encarta Encyclopedia 2000 (Encarta Encyclopedia 2000 A)

uninstall cmd: "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall

 

HSP56 MicroModem Drivers (Installing HSP56 MicroModem Drivers)

uninstall cmd: ptuninst.exe

 

(ADAPTECMASTERKEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

 

(ADAPTECCreateCDKEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"

 

(ADAPTECCreatr32KEY)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

 

Adaptec Easy CD Creator 4 (Adaptec Master Setup)

uninstall cmd: "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS

 

Adaptec DirectCD (DirectCD)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll

 

(Chl99)

 

Access Manager (Access Manager)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Sympatico High Speed Edition\Access Manager\Uninst.isu" -c"C:\SYMPAT~1\ACCESS~1\NTSUninstall.dll"

 

Viewpoint Media Player (ViewpointMediaPlayer)

uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

 

(expinst)

 

(IEREADME)

 

(HTMLHelp)

 

(128PATCH)

 

Foreign Language Advantage 2001 (Foreign Language Advantage 2001)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encore Software\Foreign Language Advantage 2001\Uninst.isu"

 

StudyWorks 2001 (StudyWorks 2001)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MathSoft\StudyWorks 2001\Uninst.isu" -c"C:\Program Files\MathSoft\StudyWorks 2001\uninst.dll

 

ICQ (ICQ)

uninstall cmd: C:\PROGRA~1\ICQ\ICQUninstall.EXE

 

ZipCentral 4.01 4.01 (ZipCentral_is1)

uninstall cmd: "C:\Program Files\ZipCentral\unins000.exe"

publisher: Johan Savås

help link: http://zipcentral.isCool.net

 

QuickTime (QuickTime)

uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log

 

Trellix Web (Trellix2DeinstKey9)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Trellix Web\Uninst.isu"

 

Print Perfect Suite (Print Perfect Suite)

uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Pperfect\DeIsL1.isu -cC:\Pperfect\_ISREG32.DLL

 

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)

version (major): 5

install location: C:\Program Files\Adobe\Acrobat 5.0

install source: C:\WINDOWS\TEMP\pft9362~TMP\

uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.dll"

publisher: Adobe Systems, Inc.

help link: http://www.adobe.com/prodindex/acrobat/main.html

 

RealOne Player (RealPlayer 6.0)

uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

 

(RealJukebox 1.0)

uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

 

Lexmark Z22-Z32 Series (Lexmark Z22-Z32 Series)

uninstall cmd: LXAEDEL.EXE

 

(ShockwaveFlash)

 

Logitech QuickCam (Logitech QuickCam)

uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\QuickCam\Uninst.isu"

 

Microsoft NetShow Tools 2.0 (Microsoft NetShow Tools 2.0)

uninstall cmd: C:\Program Files\Microsoft NetShow\Tools\_INSTTOO.EXE /U

 

(Microsoft NetShow Player 2.0)

 

EACOM Game Installer (EACOM Game Installer)

uninstall cmd: C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EACOM\GILS\INSTALL.LOG

 

EA.COM (EA.COM )

uninstall cmd: C:\PROGRA~1\EACOM\UPDATE\UNWISE.EXE C:\PROGRA~1\EACOM\UPDATE\INSTALL.LOG

 

Easy Translator International (Easy Translator International)

uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\TLI\Transcend\DeIsL1.isu"

 

MDL Chime/Chime Pro for Internet Explorer (MDL Chime/Chime Pro for Internet Explorer)

uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\INTERN~1\Plugins\chime26.isu

 

QuickTime for Windows (32-bit) (QuickTime32)

uninstall cmd: C:\WINDOWS\QTW32DEL.EXE

 

Quicktime Browser Plug-In (QuicktimePluginDeinstallKey)

uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Internet Explorer\plugins\npqtw\DeIsL1.isu"

 

Arabic Language Support (ARIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AR.inf, Uninstall

 

Windows Media Player system update (9 Series) (WMP7)

uninstall cmd: C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall

 

(MPlayer2)

 

Norton AntiVirus 2001 (Norton AntiVirus)

uninstall cmd: "C:\WINDOWS\NAVUSTUB.EXE" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton AntiVirus\nav95.isu" -c"C:\Program Files\Norton AntiVirus\NAVINS95.DLL"

 

LiveReg (Symantec Corporation) 2.1.5.1502 (LiveReg)

install location: C:\Program Files\Common Files\Symantec Shared\LiveReg

uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE

publisher: Symantec Corporation

 

Rescue Disk (Norton Rescue)

 

DivX Player 2.1 (DivX Player)

uninstall cmd: C:\Program Files\DivX\DivX Player 2.1\uninstall.bat

 

DivX Codec (DivX Codec)

uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log

 

Paint Shop Pro 7 ESD 7.0.0.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})

version: 117440512

version (major): 7

estimated size: 138767

install date: 20030729

install source: c:\windows\TEMP\_is62F3\

uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

publisher: Jasc Software Inc

comments: Paint Shop Pro 7

help link: http://www.jasc.com

help telephone: 952-930-9171

readme: c:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Readme.doc

 

AOL (Choose which version to remove) (America Online ca)

uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_ca.exe

 

(InstallShield Uninstall Information)

 

Microsoft PowerPoint Viewer 97 (PPTView97)

uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

 

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})

version: 150997664

version (major): 9

estimated size: 549665

install date: 20031106

install source: E:\

uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}

publisher: Microsoft Corporation

help link: http://www.microsoft.com/support

readme: c:\Program Files\Microsoft Office\Office\ofread9.txt

 

Japanese Language Support (JAIELangPack)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall

 

Java 2 SDK, SE v1.4.2 1.4.2 ({35A3A4F4-B792-11D6-A78A-00B0D0142000})

version: 17039362

version (major): 1

version (minor): 4

estimated size: 160768

install date: 20040101

install source: C:\WINDOWS\Local Settings\Application Data\{35A3A4F2-B792-11D6-A78A-00B0D0142000}\

uninstall cmd: MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142000}

publisher: Sun Microsystems, Inc.

comments: no comments

contact: http://java.sun.com

help link: http://java.sun.com

help telephone: http://java.sun.com

 

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)

install location: C:\Program Files\Symantec\LiveUpdate

uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

publisher: Symantec Corporation

 

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)

uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

 

MSN Messenger 6.1 6.1.0211 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600211})

version: 100729043

version (major): 6

version (minor): 1

estimated size: 9636

install date: 20040409

install source: c:\windows\TEMP\IXP000.TMP\

uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}

publisher: Microsoft Corporation

 

Ad-aware 6 Personal 6.0.1.181 Personal (Ad-aware 6 Personal)

uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG

publisher: Lavasoft

help link: http://www.lavahelp.com

 

XviD MPEG-4 Video Codec XviD-1.0-05042004 (XviD_is1)

uninstall cmd: "C:\Program Files\XviD\unins000.exe"

publisher: XviD Team (Koepi)

help link: http://forum.doom9.org/forumdisplay.php?s=&forumid=52

 

Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04 ({7148F0A8-6813-11D6-A77B-00B0D0142040})

version (major): 1

version (minor): 4

estimated size: 221121

install date: 20040612

install source: http://java.sun.com/webapps/download/GetFi...5/windows-i586/

uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}

publisher: Sun Microsystems, Inc.

comments: http://www.java.com

contact: http://www.java.com

help link: http://www.java.com

help telephone: http://www.java.com

readme: Readme.txt

 

WildTangent Web Driver (WildTangent CDA)

uninstall cmd: C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe

 

Relaxing Ocean Screen Saver (Relaxing Ocean)

uninstall cmd: C:\WINDOWS\SYSTEM\Relaxing Ocean.scr /u

 

(IEData)

 

(IE4Data)

 

(VGX)

 

Windows 98 Q823559 Update (Q823559)

uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\QFE\W98.SE\823559UN.INF

 

Spybot - Search & Destroy 1.3 1.3 (Spybot - Search & Destroy_is1)

uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

publisher: Safer Networking Limited


Just to update...I just checked start>run>msconfig>startup, there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe

Should I remove the checkmark? Also, how do I delete some of the listings on there that are no longer being used... for example I never had TV media and there is a listing for it there. Does that mean it is still present on my computer? Thanks.


Hi,

a folder in the C:\Windows called Kdx and winsxs.
I have no idea exactly what those folders are.

Microsoft does use "Winsxs" but not usually on Win98 ...

 

there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe
It's not showing up in your log ...

You may need to edit the Registry manually by searching on:

C:\Windows\system\fonts\system\explorer\mru\smss.exe

 

Do the same for: TV media

However Ad-Aware and\or SpyBot should pick those up ...

 

The uninstall and HijackThis log look clean now ... :wave:

Hi,
a folder in the C:\Windows called Kdx and winsxs.
I have no idea exactly what those folders are.

Microsoft does use "Winsxs" but not usually on Win98 ...

I will leave those folders alone then.

 

there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe
It's not showing up in your log ...

You may need to edit the Registry manually by searching on:

C:\Windows\system\fonts\system\explorer\mru\smss.exe

I tried searching for it but it does not show up. Should I just remove the checkmark?

 

Do the same for: TV media

I did find a folder called bsx32 in my C:\ and it has a lot of different files in them that might look like spyware but am not sure. Should I delete it or move it to the Junk folder?

 

However Ad-Aware and\or SpyBot should pick those up ...

I had many spyware attacks and they mostly got rid of them but it is still showing up on my msconfig startup list so I was just wondering if it is still present on my computer.

 

The uninstall and HijackThis log look clean now ... :wave:

Woo Hoo! :) Thank you for your continuing help.


I just did a quick scan with HijackThis and it seems that one of the problems is back...

 

Logfile of HijackThis v1.97.7

Scan saved at 1:52:01 AM, on 7/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra 'Tools' menuitem: AV Home (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8179.9264351852

 

Should I just put the checkmark next to it and "fix" the problem again?

Edited by ConfusedMonkey


Hi,

Close all open windows, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

 

Then reboot, on restart, Restart in Ms-Dos Mode

From C:\> (type and press Enter after each command)

 

cd\windows

smartdrv

deltree tempor~1

deltree history

deltree temp

cd\windows\system\fonts\system\explorer\mru

deltree mru

 

Restart (Ctrl-Alt-Del)

 

Note: "deltree" will prompt you about deleting, answer (Y) yes

 

Download HijackThis! 1.98

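An added example, not part of the original posts and not HijackThis's own logic: a short Python triage script that parses O4 autostart lines like those in the log above and flags entries such as the `smss.exe` one. The sample lines are copied from the posted log; the expected-location table and the "fonts directory" check are assumptions made for this illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Unquoted command lines may contain spaces in the path, so cut at the
# first executable extension that is followed by whitespace or end of line.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|pif))(?=\s|$)", re.IGNORECASE)

# Assumption for this example: where a few system image names are expected
# on a Windows 98 machine. None means the name belongs to the NT family
# (smss.exe is the NT Session Manager) and is not expected on Win9x at all.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "systray.exe": r"c:\windows\system",
    "smss.exe": None,
}


class RunEntry(NamedTuple):
    hive: str   # HKLM or HKCU
    key: str    # Run, RunServices, ...
    name: str   # registry value name shown in brackets
    image: str  # executable path with arguments stripped


def image_path(command: str) -> str:
    """Return the executable part of a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_o4(log: str) -> List[RunEntry]:
    """Extract registry autostart entries; other log lines are ignored."""
    entries = []
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries.append(RunEntry(hive, key, name, image_path(command)))
    return entries


def reasons(entry: RunEntry) -> List[str]:
    """Explain why an entry deserves a closer look (empty list = nothing found)."""
    directory, base = ntpath.split(entry.image.lower())
    found = []
    if base in EXPECTED_DIR:
        expected = EXPECTED_DIR[base]
        if expected is None:
            found.append(f"{base} is an NT-family process name, not expected on Win9x")
        elif directory and directory != expected:
            # A bare name (no directory) resolves via the search path; not judged here.
            found.append(f"{base} runs from {directory}, expected {expected}")
    if "fonts" in directory.split("\\"):
        found.append("executable is launched from a fonts directory")
    return found


def flag(log: str) -> List[Tuple[RunEntry, List[str]]]:
    """Return (entry, reasons) for every autostart entry with at least one reason."""
    return [(e, r) for e in parse_o4(log) for r in [reasons(e)] if r]


if __name__ == "__main__":
    for entry, why in flag(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.image}")
        for reason in why:
            print("   -", reason)
```

A flagged entry is a prompt for manual review, not a verdict; names missing from the table are simply not judged.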
Do the same for: TV media

I did find a folder called bsx32 in my C:\ and it has a lot of different files in them that might look like spyware but am not sure. Should I delete it or move it to the Junk folder?

 

However Ad-Aware and\or SpyBot should pick those up ...

I had many spyware attacks and they mostly got rid of them but it is still showing up on my msconfig startup list so I was just wondering if it is still present on my computer.

____________________________________________________________

 

I did as the above says but when I tried to type in cd\windows\system\fonts\system\explorer\mru it said invalid directory.

Then I tried it without the mru and typed in deltree mru but it did not prompt me about deleting.

 

Here is my updated HijackThis Log...

Logfile of HijackThis v1.98.0

Scan saved at 3:07:45 PM, on 7/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll

 

In the previous logs I have never seen this entry. Should it be removed? Thanks. :)


Hi,

In the previous logs I have never seen this entry.
HijackThis 1.98 detects a few more entries ...

 

Spector is perhaps the most powerful and common spyware. It adds several files to the C:\Windows\System directory, including mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, and shmswnrc.dll (all of these are hidden files). The easiest way to determine whether you are under surveillance by Spector is to check for the C:\Windows\System\WebExt directory, which contains files with names like "4F0BF6D8.TPS." There may also be a master log file called "_MSFILEA.TXT", which shows when each capture file starts. The WebExt directory isn't hidden, but it can be changed to another name to make it harder to detect.

http://faculty.ncwc.edu/toconnor/426/426lect15.htm

http://www.pcworld.com/news/article/0,aid,32863,pg,8,00.asp

 

Close all open windows and browsers, rescan with HijackThis.

Place a check in each of the following then click "Fix checked".

 

O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Open Windows Explorer to C:\Windows\Temp

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer, then locate and delete the following:

 

C:\WINDOWS\SYSTEM\shmswnrc.dll <--this file

 

While still in Safe Mode ...

Then "move" those files from "bsx32" to C:\Junk

 

Then check for (delete) any other existing file from "Spector" mentioned above.

 

Also does this folder still exist?

C:\windows\system\fonts\system\explorer\mru

 

After the above, reboot, rescan with HijackThis and post a fresh log ...
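The checks from the reply above, as an added Python example (not part of the original posts and not HijackThis code): it parses HijackThis logs, flags lines that name the Spector files listed in the reply, diffs two scans, and finds capture folders by their contents, because the reply notes that the WebExt folder can be renamed. The sample logs and file listing are constructed from lines in this thread, and the eight-hex-digit `.TPS` pattern is an assumption generalised from the single file name quoted.

```python
import ntpath
import re

# File names the reply above attributes to Spector (C:\Windows\System).
SPECTOR_FILES = {"mswnsrvx.cnt", "mswnsrvx.exe", "mswnsrvx.hlp",
                 "shmswnmp.dll", "shmswnrc.dll"}
MASTER_LOG = "_msfilea.txt"
# Assumption: capture files are eight hex digits plus ".TPS", generalised
# from the one name ("4F0BF6D8.TPS") the reply gives.
TPS_RE = re.compile(r"^[0-9a-f]{8}\.tps$", re.IGNORECASE)
VERSION_RE = re.compile(r"^Logfile of HijackThis v(\S+)")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O21 - SSODL: ..."
FILENAME_RE = re.compile(r"[\w~$-]+\.\w{2,4}")      # bare file names in a line


def parse_log(text):
    """Split a HijackThis log into version, running processes and entries."""
    log = {"version": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # forum pastes are double-spaced
            continue
        version = VERSION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if version:
            log["version"] = version.group(1)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif entry:
            in_processes = False
            log["entries"].append(entry.groups())   # (section code, detail)
        elif in_processes:
            log["processes"].append(line)
    return log


def spector_hits(log):
    """Return (section, matched names, text) for lines naming a Spector file."""
    hits = []
    lines = [("process", p) for p in log["processes"]] + log["entries"]
    for section, text in lines:
        names = {name.lower() for name in FILENAME_RE.findall(text)}
        matched = sorted(names & SPECTOR_FILES)
        if matched:
            hits.append((section, matched, text))
    return hits


def new_entries(old, new):
    """Entries that appear only in the newer scan, in log order."""
    seen = set(old["entries"])
    return [entry for entry in new["entries"] if entry not in seen]


def capture_dirs(paths):
    """Map each folder holding capture data to the evidence found in it."""
    found = {}
    for path in paths:
        folder, name = ntpath.split(path.strip())
        # Keyed on file names, not on "WebExt": the folder can be renamed.
        if name.lower() == MASTER_LOG or TPS_RE.match(name):
            found.setdefault(folder.lower(), set()).add(name.lower())
    return {folder: sorted(names) for folder, names in found.items()}


# Constructed samples, abridged from lines quoted in this thread.
OLD_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
"""
NEW_LOG = r"""Logfile of HijackThis v1.98.0

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll
"""
# Constructed recursive file listing, one full path per item.
LISTING = [
    r"C:\WINDOWS\SYSTEM\LXSUPMON.EXE",
    r"C:\WINDOWS\SYSTEM\ieext\_MSFILEA.TXT",
    r"C:\WINDOWS\SYSTEM\ieext\4F0BF6D8.TPS",
]

if __name__ == "__main__":
    old, new = parse_log(OLD_LOG), parse_log(NEW_LOG)
    print("scanner versions:", old["version"], "->", new["version"])
    for code, detail in new_entries(old, new):
        print("new since last scan:", code, "-", detail)
    for section, names, _ in spector_hits(new):
        print("Spector file referenced in", section, names)
    print("capture folders:", capture_dirs(LISTING))
```

A line that is new between two scans is not necessarily a new infection: compare the version headers first, since a newer HijackThis release reports entries the older one did not.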


Okay, I found and deleted mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, shmswnrc.dll (they are still in my recycling bin because I forgot to empty out while in safe mode, should I go back to safe mode and empty my recycling bin?) Also I found 2 copies of "_MSFILEA.TXT", should I delete both? One was found in C:\Windows\System\ieext (should I delete the entire folder)? The other copy was found in C:\My Music\Spector and inside the folder there are multiple .spt files (Rasmol script files) should I delete everything in the folder? Also, I moved all of the files from bsx32 to junk and will leave it there for 30 days, if no troubles arise it is safe to delete, right? Is it better if I just save the folder junk on a CD-RW and delete them all off my computer? I was unable to locate the folder C:\Windows\System\Fonts\System\Explore\mru.

 

Here is my updated HijackThis log...

Logfile of HijackThis v1.98.0

Scan saved at 6:39:45 PM, on 7/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab


Hi,

Delete:

C:\Windows\System\ieext <--this folder

C:\My Music\Spector <--this folder

_MSFILEA.TXT <--this file

 

Then empty the Recycle Bin

 

Is it better if I just save the folder junk on a CD-RW and delete them

You can just delete the contents of C:\Junk after a while.


Here is my newest HijackThis Log. Since I started getting help from this forum my computer has started to run a lot faster. I had a little bit of trouble following the last set of directions given because I restarted and went into safe mode but when I started to delete some of the files I lost control of the mouse. To specify, whenever I would just move the mouse it would start to left-click and right-click on the icons on my desktop, so I continued by using the keyboard. The only files I deleted while not in safe mode was C:\My Music\Spector. I hope this is okay. Would you like me to post my uninstall info log from spybot? Also, are there any files I can download to prevent this from happening again? Thank you very much for your help and I hope this log brings better news. :)

 

Logfile of HijackThis v1.98.0

Scan saved at 11:07:29 PM, on 7/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

 

For all of them that say file missing in brackets, should they be deleted? Also, what are the O16's? Can they be deleted to free up more resources on my computer? Thanks :)

Edited by ConfusedMonkey


Just to update, I have installed IE-SPYADS, SpywareBlaster and Browser Hijack Blaster after reading the recommendations on this website. Do I have to run Browser Hijack Blaster on my taskbar in order for it to work? Also, I just re-checked my C:\ and the folder .netbeans is back and I also have some new files (including hidden files) that I am not sure about.

 

C:\

Bootlog.prv (hidden)

bootlog.txt (hidden)

Config.sys

detlog.txt (hidden)

drvspace.bin (hidden)

lo.sys (hidden)

jswx.log

logo.sys

Msdos.--- (hidden)

Msdos.sys (hidden)

npdrmv2.dll

npdsplay.dll

npwmsdrm.dll

perform.log

videorom.bin (hidden)

 

This is after moving the previous files to the C:\Junk folder.


After all the installations I tried to run HijackThis and the program kept freezing at O15 - Trusted Zone Enumeration. I will reboot my computer in a while and see if the problem goes away.


Hi,

Do I have to run Browser Hijack Blaster on my taskbar in order for it to work
I have no idea as I've never used it.

Try using their Support Forum: http://www.wilderssecurity.com/

 

I just re-checked my C:\ and the folder .netbeans is back
I have no idea what that folder is or what is creating it ...

 

I also have some new files (including hidden files)
All those files are fine, most are (MS) files.


I restarted my computer and I am unable to scan using HijackThis anymore because the program keeps freezing at the point in the scan O15 - Trusted Zone Enumeration. What should I do?


Logfile of HijackThis v1.98.0

Scan saved at 1:26:42 PM, on 7/18/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNDAL.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

 

Why are there so many things with file missing in brackets following? Should I delete those files? Also what are the O16's? Are they needed by my computer or is it safe to delete it to speed up my computer a little more? Thanks.


Hi,

Your log is clean ... same as it was the last 3 times.

 

Why are there so many things with file missing in brackets following?
That's just the way the new HijackThis detects things, they are not really missing ...

 

Also what are the O16's

O16 - ActiveX Objects (aka Downloaded Program Files)

http://www.spywareinfo.com/~merijn/htlogtutorial.html

 

No, deleting them will not speed up your computer ... :wave:

Your log is clean ... same as it was the last 3 times.

Just making sure because of the .netbeans folder reappearing.

 

Thank you for all of your help and patience. :D:wave:


Logfile of HijackThis v1.98.0

Scan saved at 1:16:39 AM, on 7/25/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab

 

I am getting a message at startup that states that I already have an updated version of iexplore.exe. Should I "Fix" this entry in my HijackThis log?


Hi,

Looks like you are infected again ...

 

Close all open windows and browsers, rescan with HijackThis.

Place a check in each of the following then click "Fix checked".

 

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Open Windows Explorer to C:\Windows\Temp

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINDOWS\iexplore.exe <--this file

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

 

I would suggest adding some "Defense" to your system ...

How To: Prevent this from happening again?

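The entry singled out in the reply above, `[Explorer] C:\WINDOWS\iexplore.exe`, is an autostart whose file name is Internet Explorer's but whose folder is not Internet Explorer's own. The following Python is an added example, not part of the thread and not HijackThis code: it parses O4 lines, flags that kind of name/folder mismatch, and diffs two logs to confirm the entry is gone after the fix. The `EXPECTED_DIR` table and all function names are assumptions made for illustration.

```python
import ntpath
import re

# O4 lines copied from the two HijackThis logs in this thread (subset).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
"""
# The follow-up log is the same set minus the fixed entry.
LOG_AFTER = LOG_BEFORE.replace(
    "O4 - HKLM\\..\\Run: [Explorer] C:\\WINDOWS\\iexplore.exe\n", "")

# Assumption, not from the thread: default folder of each binary on a stock install.
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)

def parse_o4(log):
    """Return registry autostart entries as dicts with hive, name and path."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        # Quoted path, else text up to the first ".exe", else the first token.
        path = (exe.group(1) or exe.group(2)) if exe else m["cmd"].split()[0]
        entries.append({"hive": m["hive"], "name": m["name"], "path": path})
    return entries

def misplaced(entries):
    """Entries whose file name is a known binary but whose folder is not its usual one."""
    hits = []
    for e in entries:
        folder, base = ntpath.split(ntpath.normcase(e["path"]))
        want = EXPECTED_DIR.get(base)
        # Bare names (no folder) are resolved via the search path; not judged here.
        if want and folder and folder != want:
            hits.append(e)
    return hits

def removed_between(before, after):
    """Autostart entries present in the first log and absent from the second."""
    key = lambda e: (e["hive"], e["name"], ntpath.normcase(e["path"]))
    remaining = {key(e) for e in parse_o4(after)}
    return [e for e in parse_o4(before) if key(e) not in remaining]

if __name__ == "__main__":
    for e in misplaced(parse_o4(LOG_BEFORE)):
        print("suspicious autostart:", e["hive"], e["name"], e["path"])
    print("removed:", [e["name"] for e in removed_between(LOG_BEFORE, LOG_AFTER)])
```

A hit from `misplaced` is a reason to inspect the file, not proof of infection; short 8.3 paths such as `C:\PROGRA~1\...` would need expanding before comparison.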

Here is the new log. I am currently in the process of adding some "defense" but I already have spyware blaster and it didn't seem to help.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:16:54 PM, on 7/25/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=1009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll

O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll

O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll

O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...kII/install.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...253/mcfscan.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab


Just an additional question. I was in the process of installing the Hosts file and it asked if I would like to re-write the previous file. Do I click yes?

 

 

*Edit: I clicked yes to replace the file with the new version.

Edited by ConfusedMonkey

This topic is now closed to further replies.