HELP!


  • This topic is locked
59 replies to this topic

#1 ConfusedMonkey

    Member

  • Full Member
  • 77 posts

Posted 10 July 2004 - 04:57 PM

I have noticed a lot of different spywares on my computer and some like a free travel voucher icon keeps coming up. I also noticed id53.exe and fnuninstaller.exe and don't know what to do with these. There is also Windows SR 2.0 and none of these are removable by going to control panel add/remove programs. Also under the add/remove programs list there is stuff like URL display, Lycos search engine and more that won't uninstall. Please help. Plus there is the HijackThis log too....

Logfile of HijackThis v1.97.7
Scan saved at 5:51:51 PM, on 7/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LIVEUPDATE\LIVEUPDATE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - SOFTWARE - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.ca
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab

#2 ConfusedMonkey

Posted 10 July 2004 - 11:32 PM

Please help, I don't know anything about what HijackThis is listing and am even having troubles shutting down my computer. I am also getting an error stating that Windows System is not responding.

#3 WinHelp2002

    Taking back the Internet

  • Retired Staff
  • 5,365 posts

Posted 11 July 2004 - 07:54 AM

Hi,
Close all open windows, rescan with HijackThis
Place a check in each of the following then click "Fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - Startup: PowerReg SchedulerV2.exe


Then reboot, on restart, restart in Ms-Dos Mode

From C:\> (type and press Enter after each command)

cd\windows
smartdrv
deltree tempor~1
deltree history
deltree temp
cd\windows\system\fonts\system\explorer
deltree mru



Restart (Ctrl-Alt-Del)

Upon restart ... Download Ad-Aware

After installing Ad-Aware, and before running the program.

Update Ad-aware's Reference File: instructions here

Required Step: Reconfigure Ad-Aware for Full Scan

Important! Your system is severely out of date!
Visit Windows Update and install all the "Critical Updates"

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#4 ConfusedMonkey

Posted 11 July 2004 - 11:59 PM

When restarting in Ms-dos mode it said
C:\windows\

so I just continued and typed in each command but after the deltree ones it asks if I want to delete & all subdirectories (y/n), yes or no?
Also, when I type in cd\windows\system\fonts\system\explorer and then press enter and deltree mru it follows up with C:\windows\system\fonts\system\explorer\deltree mru and asks whether I want to delete and all subdirectories, yes or no?

Please Help!
P.S. I have Ad-Aware 6.0 do I need to re-download?

*Edit: Updated and reconfigured Ad-Aware for Full Scan and Updated and Installed All Critical Updates (Hopefully those are free). Just patiently awaiting answers.

Edited by ConfusedMonkey, 12 July 2004 - 12:41 AM.


#5 ConfusedMonkey

Posted 12 July 2004 - 12:47 AM

C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
PowerReg SchedulerV2.exe

show up with check marks next to them on msconfig's startup. Also my task scheduler is back and I was wondering if I uncheck mmtask.exe to get rid of it from my taskbar. Thanks.

Edited by ConfusedMonkey, 12 July 2004 - 12:48 AM.


#6 WinHelp2002

Posted 12 July 2004 - 04:11 AM

Hi,

"after the deltree ones it asks if I want to delete & all subdirectories"

That's normal for the prompt from Windows for "deltree", just press "Y" and continue for each prompt. Yes you want to delete all the "subdirectories".

Note: the reason you have to do this in DOS mode is Windows hides from view any other files\folders for "Windows\Fonts". Those "subdirectories" should not exist there, but that's why these culprits use those locations = to hide them from your view.

"show up with check marks next to them on msconfig's startup."

Those 2 items will be removed from Msconfig via HijackThis, when you select those 2 entries for removal. (see my previous post)

"Also my task scheduler is back"

Back from where? Was it missing? It only runs when you have assigned a specific task to run at a specific time. Otherwise it does not show up. This may have reappeared from updating your browser and the (check for) "Windows Update" is now a scheduled task.
Disable via Control Panel | Scheduled Tasks | Advanced
[more info]
Q195933 - Cannot Disable Task Scheduler
http://support.micro....com/?id=195933
Mike

#7 ConfusedMonkey

Posted 12 July 2004 - 09:56 AM

Logfile of HijackThis v1.97.7
Scan saved at 10:50:12 AM, on 7/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8179.9264351852


Then I continued to remove (again) the 2 that were previously listed and this is the log after...
Logfile of HijackThis v1.97.7
Scan saved at 10:54:13 AM, on 7/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8179.9264351852

Please note one of the bolded selections is still present after 2 attempts.
P.S. The task scheduler had reappeared in my taskbar and I removed it from my taskbar by going to msconfig and removing the check next to mmtask.exe. There are also numerous backup copies of the task scheduler and I am not sure whether to keep them or delete them. Also, I did not understand how to disable the live update. Thanks.
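
The before/after comparison done by eye in this thread can be scripted. The following is an added example, not part of any post here: it parses HijackThis entry lines, reports which entries selected for "Fix checked" reappear in a later scan, and flags "(no file)" entries and autoruns located under a fonts directory. The scan excerpts are shortened copies of the logs above; the function names and the two review heuristics are assumptions made for illustration.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0-R3, O1-O16, ...)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Shortened excerpt of the first scan in the thread (7/10/04).
FIRST_SCAN = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - Startup: PowerReg SchedulerV2.exe
"""

# The entries the helper asked to be checked and fixed.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - Startup: PowerReg SchedulerV2.exe
"""

# Shortened excerpt of the scan saved at 10:54:13 AM on 7/12/04.
LATER_SCAN = r"""
Logfile of HijackThis v1.97.7
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip()))
    return entries


def diff_scans(before, after):
    """Compare two scans entry by entry."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "persisting": sorted(b & a),
    }


def still_present(fix_list, later_scan):
    """Entries that were selected for fixing but show up again in a later scan."""
    return sorted(parse_entries(fix_list) & parse_entries(later_scan))


def review(log_text):
    """Flag entries worth a closer look (illustrative heuristics, not a verdict)."""
    flagged = []
    for code, body in sorted(parse_entries(log_text)):
        if body.endswith("(no file)"):
            flagged.append((code, body, "registered component has no file on disk"))
        m = O4_RE.match(body) if code == "O4" else None
        # Assumption: no autorun executable belongs below a fonts directory.
        if m and "\\fonts\\" in m.group("cmd").lower():
            flagged.append((code, body, "autorun executable under a fonts directory"))
    return flagged


if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, LATER_SCAN):
        print("still present after fix:", code, "-", body)
    for code, body, reason in review(FIRST_SCAN):
        print("review:", code, "-", body, "=>", reason)
```
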

#8 ConfusedMonkey

Posted 12 July 2004 - 12:09 PM

Also, once I began having problems with spyware a numerous amount of icons started appearing in my folders (C:\windows and just C:\). If requested I can make screen caps of the icons or type in the name given to the files. Thanks for your help. :)

#9 WinHelp2002

Posted 12 July 2004 - 03:24 PM

Hi,

"Please note one of the bolded selections is still present after 2 attempts."

Download: RepairDefaultPrefix.reg
http://www.mvps.org/...02/unwanted.htm
To use: Right-click and select: Merge, Ok the prompt and reboot.

"numerous amount of icons started appearing in my folders (C:\windows and just C:\)."

Can't you just delete those items? Does Ad-Aware detect those items? As they are not showing up in your log ...
Mike

#10 ConfusedMonkey

Posted 12 July 2004 - 05:45 PM

Logfile of HijackThis v1.97.7
Scan saved at 6:43:20 PM, on 7/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8179.9264351852


Should I try to delete it again?
For the other programs that have appeared... So far I have run Ad-Aware and Spybot and these files do not seem to go away. Also, I have seen new files being added to the add/remove programs box in the control panel. I can delete them but I don't know what is needed and what is spyware. Thanks for the help. :)

Edited by ConfusedMonkey, 12 July 2004 - 06:21 PM.


#11 ConfusedMonkey

Posted 12 July 2004 - 06:20 PM

Just an update... I did try to delete the file again and it won't delete.

#12 WinHelp2002

Posted 12 July 2004 - 07:59 PM

Hi,
That reg file (RepairDefaultPrefix.reg) should have reset that entry.
Looks like you are going to have to fix this manually.

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

Start | Run (type) regedit
Navigate to the following location:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

In the right pane, right-click on the below entry and select: Rename

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_

Backspace out the "_" at the end of the entry. Close Regedit.

Also, I have seen new files being added to the add/remove programs box

Open SpyBot, click "+Tools", click "Uninstall info"
Click Export (right pane), this will create a text file (SpybotSD.Uninstall report.txt) of
the entries in Add Remove. Paste that info into your next post.

Just an update... I did try to delete the file again and it won't delete.

You tried to delete what file?
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#13 ConfusedMonkey

Posted 12 July 2004 - 10:45 PM

For the first step it says that the name already exists (it is located in the same folder) and to choose another file name.

For the second step, I opened spybot - search and destroy (Version 1.2) and can't find "+Tools".

#14 WinHelp2002

Posted 13 July 2004 - 04:00 AM

Hi,
Locate: RepairDefaultPrefix.reg
Right-click and select: Merge, Ok the prompt and reboot.

search and destroy (Version 1.2) and can't find "+Tools".

Well ... you are using an outdated version ...
Download SpyBot-Search & Destroy 1.3

Open SpyBot, click "Search for Updates"
Then run a scan, "fix" everything marked in red and reboot.
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#15 ConfusedMonkey

Posted 13 July 2004 - 04:32 PM

I followed the steps listed in the previous post. I tried to rename the file but there is still one file with the exact same name but without the "_". Should I delete one? Thank you for your continuing help. :)

P.S. Here is the Spybot Report

(DXM_Runtime)

(ICW)

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)
uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

(DirectDrawEx)

(IE5BAKEX)

(SchedulingAgent)

(MobileOptionPack)

(MSJavaVM)

(MSTASK)

(MSWALLET)

Microsoft Outlook Express 6 (OutlookExpress)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT

(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

Microsoft Web Publishing Wizard 1.6 (WebPost)
uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\windows\INF\wpie5x86.inf,WebPostUninstall

(Branding)

(fontcore)

(IE_EXTRA)

NetMeeting 3.01 (NetMeeting)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\msnetmtg.inf,NetMtg.Remove.W95

Microsoft FrontPage Express (FrontPageExpress)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\fpxpress.inf, Uninstall

(fontsup)

(ADIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AD.inf, Uninstall

Windows 98 Second Edition Digital Video Update (W98SE.DV.UPD)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\QFE\2427UN.inf, DefaultInstall

Easy Access Button Support ({93539D60-1817-11D1-9504-00805F26A89C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst

(CPQBezelDeinstKey)

Microsoft Works 2000 1.0.0.0000 ({56364334-9530-11D2-BFFC-00C04FA329AA})
version: 16777216
version (major): 1
install date: 5/5/00
install source: C:\appl.zip\wks2000\
uninstall cmd: MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
publisher: Microsoft Corporation
comments: Microsoft Works 2000 installation.
help link: http://www.microsoft.com

Compaq Wizard Host Online v2.6 (Compaq Wizard Host Online)
uninstall cmd: C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu -c"c:\compaq\lutil\ISUninst.dll

Compaq Digital Dashboard LED (Digital Dashboard)
uninstall cmd: C:\Program Files\Compaq\Digital Dashboard\uninstall.exe

Compaq OOBE Online (Compaq OOBEDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\compaq\oobe\DeIsL1.isu

Compaq WebReg v2.6 (Compaq WebReg v2.6)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq WebReg v2.6\Uninst.isu"

Compaq WebISP (WebISPDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Compaq\webisp\DeIsL1.isu

Compaq IE5 Custom CA v2.6 (Compaq IE5 Custom CA v2.6)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq IE5 Custom CA v2.6\Uninst.isu" -c"C:\Compaq\IE5\IE5_Uninstall.DLL"

Netscape Communicator 4.7 (Netscape Communicator 4.7)
uninstall cmd: C:\WINDOWS\cd32.exe 4.7 (en)

Compaq Hardware Discovery (Compaq Hardware Discovery)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Hardware Discovery\Uninst.isu"

RioPort Audio Manager (Audio Manager)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RioPort\Audio Manager\Uninst.isu" -c"C:\Program Files\RioPort\Audio Manager\Uninst.dll"

Compaq Diagnostics for Windows (Compaq Diagnostics for Windows)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\WINDOWS\CPQDIAG\DeIsL1.isu -cC:\WINDOWS\CPQDIAG\_ISREG32.DLL

Microsoft Money 2000 Standard (MSMONEYV80)
uninstall cmd: C:\Program Files\Microsoft Money\setup\setup.exe

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\Install.log

Microsoft Encarta Encyclopedia 2000 (Encarta Encyclopedia 2000 A)
uninstall cmd: "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall

HSP56 MicroModem Drivers (Installing HSP56 MicroModem Drivers)
uninstall cmd: ptuninst.exe

(ADAPTECMASTERKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

(ADAPTECCreateCDKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"

(ADAPTECCreatr32KEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

Adaptec Easy CD Creator 4 (Adaptec Master Setup)
uninstall cmd: "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS

Adaptec DirectCD (DirectCD)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll

(Chl99)

Access Manager (Access Manager)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Sympatico High Speed Edition\Access Manager\Uninst.isu" -c"C:\SYMPAT~1\ACCESS~1\NTSUninstall.dll"

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

(expinst)

(IEREADME)

(HTMLHelp)

(128PATCH)

Foreign Language Advantage 2001 (Foreign Language Advantage 2001)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encore Software\Foreign Language Advantage 2001\Uninst.isu"

StudyWorks 2001 (StudyWorks 2001)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MathSoft\StudyWorks 2001\Uninst.isu" -c"C:\Program Files\MathSoft\StudyWorks 2001\uninst.dll

ICQ (ICQ)
uninstall cmd: C:\PROGRA~1\ICQ\ICQUninstall.EXE

ZipCentral 4.01 4.01 (ZipCentral_is1)
uninstall cmd: "C:\Program Files\ZipCentral\unins000.exe"
publisher: Johan Savås
help link: http://zipcentral.isCool.net

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log

Trellix Web (Trellix2DeinstKey9)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Trellix Web\Uninst.isu"

Print Perfect Suite (Print Perfect Suite)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Pperfect\DeIsL1.isu -cC:\Pperfect\_ISREG32.DLL

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\WINDOWS\TEMP\pft9362~TMP\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

Lexmark Z22-Z32 Series (Lexmark Z22-Z32 Series)
uninstall cmd: LXAEDEL.EXE

(ShockwaveFlash)

Logitech QuickCam (Logitech QuickCam)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\QuickCam\Uninst.isu"

Microsoft NetShow Tools 2.0 (Microsoft NetShow Tools 2.0)
uninstall cmd: C:\Program Files\Microsoft NetShow\Tools\_INSTTOO.EXE /U

(Microsoft NetShow Player 2.0)

EACOM Game Installer (EACOM Game Installer)
uninstall cmd: C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EACOM\GILS\INSTALL.LOG

EA.COM (EA.COM )
uninstall cmd: C:\PROGRA~1\EACOM\UPDATE\UNWISE.EXE C:\PROGRA~1\EACOM\UPDATE\INSTALL.LOG

Easy Translator International (Easy Translator International)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\TLI\Transcend\DeIsL1.isu"

MDL Chime/Chime Pro for Internet Explorer (MDL Chime/Chime Pro for Internet Explorer)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\INTERN~1\Plugins\chime26.isu

QuickTime for Windows (32-bit) (QuickTime32)
uninstall cmd: C:\WINDOWS\QTW32DEL.EXE

Quicktime Browser Plug-In (QuicktimePluginDeinstallKey)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Internet Explorer\plugins\npqtw\DeIsL1.isu"

Red Swoosh EDN Client (remove only) (RSNet EDN)
uninstall cmd: C:\WINDOWS\RSEDNClientUninstaller.exe

Arabic Language Support (ARIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AR.inf, Uninstall

Windows Media Player system update (9 Series) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall

(MPlayer2)

Norton AntiVirus 2001 (Norton AntiVirus)
uninstall cmd: "C:\WINDOWS\NAVUSTUB.EXE" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton AntiVirus\nav95.isu" -c"C:\Program Files\Norton AntiVirus\NAVINS95.DLL"

LiveReg (Symantec Corporation) 2.1.5.1502 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
publisher: Symantec Corporation

Rescue Disk (Norton Rescue)

DivX Player 2.1 (DivX Player)
uninstall cmd: C:\Program Files\DivX\DivX Player 2.1\uninstall.bat

DivX Codec (DivX Codec)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log

Paint Shop Pro 7 ESD 7.0.0.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
version: 117440512
version (major): 7
estimated size: 138767
install date: 20030729
install source: c:\windows\TEMP\_is62F3\
uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
publisher: Jasc Software Inc
comments: Paint Shop Pro 7
help link: http://www.jasc.com
help telephone: 952-930-9171
readme: c:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Readme.doc

AOL (Choose which version to remove) (America Online ca)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_ca.exe

(InstallShield Uninstall Information)

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 549665
install date: 20031106
install source: E:\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: c:\Program Files\Microsoft Office\Office\ofread9.txt

Japanese Language Support (JAIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall

Java 2 SDK, SE v1.4.2 1.4.2 ({35A3A4F4-B792-11D6-A78A-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 160768
install date: 20040101
install source: C:\WINDOWS\Local Settings\Application Data\{35A3A4F2-B792-11D6-A78A-00B0D0142000}\
uninstall cmd: MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: no comments
contact: http://java.sun.com
help link: http://java.sun.com
help telephone: http://java.sun.com

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

MSN Messenger 6.1 6.1.0211 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600211})
version: 100729043
version (major): 6
version (minor): 1
estimated size: 9636
install date: 20040409
install source: c:\windows\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}
publisher: Microsoft Corporation

Ad-aware 6 Personal 6.0.1.181 Personal (Ad-aware 6 Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavahelp.com

XviD MPEG-4 Video Codec XviD-1.0-05042004 (XviD_is1)
uninstall cmd: "C:\Program Files\XviD\unins000.exe"
publisher: XviD Team (Koepi)
help link: http://forum.doom9.o...p?s=&forumid=52

Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04 ({7148F0A8-6813-11D6-A77B-00B0D0142040})
version (major): 1
version (minor): 4
estimated size: 221121
install date: 20040612
install source: http://java.sun.com/...5/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

WildTangent Web Driver (WildTangent CDA)
uninstall cmd: C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe

URL Display (UrlSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f3

Context Display (ContextSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f4

LookSmart Search (SpiderSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f5

RON Display (RonSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f7

Lycos Search (MirrorUnder)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f8

Relaxing Ocean Screen Saver (Relaxing Ocean)
uninstall cmd: C:\WINDOWS\SYSTEM\Relaxing Ocean.scr /u

(IEData)

(IE4Data)

(VGX)

Windows 98 Q823559 Update (Q823559)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\QFE\W98.SE\823559UN.INF

Spybot - Search & Destroy 1.3 1.3 (Spybot - Search & Destroy_is1)
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Edited by ConfusedMonkey, 13 July 2004 - 04:33 PM.


#16 ConfusedMonkey

Posted 13 July 2004 - 04:48 PM

I just rebooted my computer and got an error on startup...
Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

Then I went to Start>Run>msconfig>startup and saw a checkmark next to Wild Tangent CDA Rundll32.exe C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll, cdaEngineMain

Should I remove the check mark next to Wild Tangent CDA?

Also, I noticed that there was something without a checkmark next to it titled Activity Recorder and it said that it was located in C:\Download Files\activity 1\activityrecorder.exe -1
Is this harmful spyware?
P.S. I went to the location it specified and there were no files there by that name (also checked hidden files).

Thanks. :)

Edited by ConfusedMonkey, 13 July 2004 - 11:29 PM.


#17 ConfusedMonkey

Posted 13 July 2004 - 11:47 PM

These are the files that I was worried about because they were in my C:\ and C:\Windows and some just began to show up on my computer. I do not know which ones I need and which are to be deleted. Thank you. :)

C:\
autoexec.bat
autoexec.nai
autoexec.nav
cmdline.txt
Command.com
Command (Ms-Dos Logo)
Cq_rem.ini
Cq_rstat.ini
Essaudio.com
Essaudio.ini
Frunlog.txt
installer.txt
jswx.log
Jul2002.LOG
log.txt
Netlog.txt
newfile.exe
npdrmv2.zip
npds.zip
o
o.bat
pdoxusrs.net
perform.log
s2vvk2f9
s3vvk2f9.1
s3vvqe3h
scandisk.log
scrcfg.dat
scrhisc.dat
scropt.dat
scrsave.dat
setupxlg.txt
slacode3.txt
slainfo3.txt
travel.ico (appeared on desktop when many spyware problems began to show up)
WINDOWSWinHlp32.BMK

C: Folders
.netbeans
bsx32
Cpqdrv
cpqs
GmEmitter
Ncdtree

C:\Windows
UnstSA2.exe

C:\Download Files\Other
backup-20040712-003933-217
backup-20040712-003933-427
backup-20040712-003933-438
backup-20040712-003933-541
backup-20040712-003933-613
backup-20040712-003933-276
backup-20040712-003933-927
backup-20040712-003933-724
backup-20040712-003933-108
backup-20040712-003933-462
backup-20040712-003933-427-PowerRegSchedulerV2.exe

#18 ConfusedMonkey

Posted 14 July 2004 - 11:44 PM

I just rebooted my computer and got an error on startup...
Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

Then I went to Start>Run>msconfig>startup and saw a checkmark next to Wild Tangent CDA Rundll32.exe C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll, cdaEngineMain

Should I remove the check mark next to Wild Tangent CDA?

Just to update, I removed the checkmark and the error message does not appear at start up anymore so that appears to be okay.

Edited by ConfusedMonkey, 14 July 2004 - 11:44 PM.


#19 WinHelp2002

Posted 15 July 2004 - 02:33 AM

Hi,

I tried to rename the file but there is still one file with the exact same name but without the "_". Should I delete one?

No, do not delete the good one, just delete the entry:

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}_

Remove the following via SpyBot > Uninstall info
Highlight then click Delete:

Red Swoosh EDN Client (remove only) (RSNet EDN)
uninstall cmd: C:\WINDOWS\RSEDNClientUninstaller.exe

URL Display (UrlSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f3

Context Display (ContextSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f4

LookSmart Search (SpiderSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f5

RON Display (RonSidebar)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f7

Lycos Search (MirrorUnder)
uninstall cmd: \Progra~1\Lycos\IEagent\FNuninstaller.EXE -f8


I just rebooted my computer and got an error on startup...
Error Loading C:\Progra~1\Wildta~1\Apps\CDA\CDAENG~1.dll

I have no idea why you are getting that error, you may need to uninstall WildTangent then reinstall, but do this after you get your machine cleaned up.

without a checkmark next to it titled Activity Recorder

I have no idea what that is exactly, but it looks like something you installed to record the activity on your machine.
http://www.google.co...fe=off&c2coff=1

As for the files in question ...
Do not delete at least the following:
autoexec.bat
autoexec.nai
autoexec.nav
Command.com
Command (Ms-Dos Logo)
Cq_rem.ini
Cq_rstat.ini
Essaudio.com
Essaudio.ini
-
I would suggest creating a "C:\Junk" folder and "move" any unknown files there, if nothing complains after about 30 days you can delete them.

Note: newfile.exe, o, o.bat =
http://www.computing...orum/11829.html

C:\Windows: UnstSA2.exe = Adware.BlazeFind
http://sarc.com/avce....blazefind.html
Note: your NAV should have caught that! Is NAV up-to-date and working?

How To: Configure Norton AntiVirus to scan all files
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
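
Added example (not part of the original posts, and not code from HijackThis or Spybot): a Python sketch that picks the damaged URLSearchHooks value out of a HijackThis log and chooses between the rename described in post #12 and the delete described in post #19, depending on whether the clean value name already exists in the key. The function names and the `existing_value_names` input are assumptions made for this illustration.

```python
import re

# HijackThis section R3 lists the value names stored under
# HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks.
R3_LINE = re.compile(
    r"^R3 - URLSearchHook: (?P<label>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?P<suffix>\S*) - (?P<target>.+)$"
)

# Constructed sample: the R3 line is the one quoted in the thread; the other
# two lines come from the poster's log and show that non-R3 lines are skipped.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""


def find_damaged_hooks(log_text):
    """Return one dict per R3 line whose value name is not a bare CLSID
    or for which HijackThis reports no file."""
    findings = []
    for raw in log_text.splitlines():
        m = R3_LINE.match(raw.strip())
        if m is None:
            continue
        reasons = []
        if m.group("suffix"):
            reasons.append("extra text %r after the CLSID" % m.group("suffix"))
        if m.group("target") == "(no file)":
            reasons.append("HijackThis found no file for this value name")
        if reasons:
            findings.append({
                "value_name": m.group("clsid") + m.group("suffix"),
                "clean_name": m.group("clsid"),
                "reasons": reasons,
            })
    return findings


def plan_repair(finding, existing_value_names):
    """Choose between the two manual fixes given in the thread.

    existing_value_names: value names currently in the URLSearchHooks key,
    supplied by hand (hypothetical input; this sketch does not read the
    registry itself).
    """
    present = {name.upper() for name in existing_value_names}
    damaged = finding["value_name"].upper()
    clean = finding["clean_name"].upper()
    if damaged not in present:
        return ("already-gone", None)
    if damaged == clean:
        # Bare CLSID with no file: not a case the thread covers.
        return ("review-manually", finding["value_name"])
    if clean in present:
        # Regedit rejects the rename because the clean name already exists,
        # so only the damaged duplicate is deleted and the good one is kept.
        return ("delete", finding["value_name"])
    return ("rename", (finding["value_name"], finding["clean_name"]))


if __name__ == "__main__":
    for hook in find_damaged_hooks(SAMPLE_LOG):
        print(hook["value_name"], hook["reasons"])
        # Case from posts #13/#15: both names are present in the key.
        print(plan_repair(hook, [hook["value_name"], hook["clean_name"]]))
```
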

#20 Potato

Posted 15 July 2004 - 07:50 AM

Hi, I have the second thought thing on my comp and I don't know what HijackThis is. I can't even shut down my computer now because it says something about windows\system32\command.com (sorry, I can't remember the exact thing) not being able to end. Can someone please help me? Thanks!

#21 Potato

Posted 15 July 2004 - 08:01 AM

Sorry about the last post. I downloaded HijackThis now. Here's my log file:
Edit by cnm: Removed log to avoid confusing this thread. Potato has now posted it at http://forums.spywar...topic=15623&hl=

Edited by cnm, 15 July 2004 - 07:14 PM.


#22 WinHelp2002

Posted 15 July 2004 - 09:02 AM

Potato,
Please start your own Topic, (click New Topic) then post your HijackThis log there.
See the big red bold instructions at the top of the page ...
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#23 Potato

Posted 15 July 2004 - 04:21 PM

Whoops.. sorry about that. It was 6am in the morning when I wrote that after trying to get rid of second thought for 5 hours. My mind wasn't functioning properly. I've posted it under a new topic now. Sorry!
http://forums.spywar...topic=15623&hl=

#24 WinHelp2002

Posted 15 July 2004 - 05:01 PM

Potato,
No problem, it just gets too confusing trying to diagnose different logs in the same topic.
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#25 ConfusedMonkey

Posted 16 July 2004 - 01:03 AM

I uninstalled the files listed as instructed and deleted the single registry. Should I delete newfile.exe, o, o.bat and UnstSA2.exe? I configured NAV (2001) and scanned my computer but it did not detect anything. I am currently moving the files into the "Junk" folder.

#26 WinHelp2002

Posted 16 July 2004 - 01:53 AM

Hi,

Should I delete newfile.exe, o, o.bat and UnstSA2.exe?

Yes!

I configured NAV (2001) and scanned my computer but it did not detect anything.

That's odd, it should have ... hmm ... "NAV (2001)" <--you may need to update that to a more current version?

Looks like you should be all set now ... :wave:
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#27 ConfusedMonkey

Posted 16 July 2004 - 04:14 PM

I deleted the files and I located folders in C:\Windows called Kdx and winsxs. Are these spyware or are they programs? Here is my updated HijackThis log. Thank you very much for your continuing help. :)

Logfile of HijackThis v1.97.7
Scan saved at 5:14:13 PM, on 7/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8179.9264351852

#28 ConfusedMonkey

Posted 16 July 2004 - 04:16 PM

Also, this is my spybot uninstall info log... :)

(DXM_Runtime)

(ICW)

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)
uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

(DirectDrawEx)

(IE5BAKEX)

(SchedulingAgent)

(MobileOptionPack)

(MSJavaVM)

(MSTASK)

(MSWALLET)

Microsoft Outlook Express 6 (OutlookExpress)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT

(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

Microsoft Web Publishing Wizard 1.6 (WebPost)
uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\windows\INF\wpie5x86.inf,WebPostUninstall

(Branding)

(fontcore)

(IE_EXTRA)

NetMeeting 3.01 (NetMeeting)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\msnetmtg.inf,NetMtg.Remove.W95

Microsoft FrontPage Express (FrontPageExpress)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\fpxpress.inf, Uninstall

(fontsup)

(ADIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AD.inf, Uninstall

Windows 98 Second Edition Digital Video Update (W98SE.DV.UPD)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\windows\INF\QFE\2427UN.inf, DefaultInstall

Easy Access Button Support ({93539D60-1817-11D1-9504-00805F26A89C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst

(CPQBezelDeinstKey)

Microsoft Works 2000 1.0.0.0000 ({56364334-9530-11D2-BFFC-00C04FA329AA})
version: 16777216
version (major): 1
install date: 5/5/00
install source: C:\appl.zip\wks2000\
uninstall cmd: MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
publisher: Microsoft Corporation
comments: Microsoft Works 2000 installation.
help link: http://www.microsoft.com

Compaq Wizard Host Online v2.6 (Compaq Wizard Host Online)
uninstall cmd: C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu -c"c:\compaq\lutil\ISUninst.dll

Compaq Digital Dashboard LED (Digital Dashboard)
uninstall cmd: C:\Program Files\Compaq\Digital Dashboard\uninstall.exe

Compaq OOBE Online (Compaq OOBEDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\compaq\oobe\DeIsL1.isu

Compaq WebReg v2.6 (Compaq WebReg v2.6)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq WebReg v2.6\Uninst.isu"

Compaq WebISP (WebISPDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Compaq\webisp\DeIsL1.isu

Compaq IE5 Custom CA v2.6 (Compaq IE5 Custom CA v2.6)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq IE5 Custom CA v2.6\Uninst.isu" -c"C:\Compaq\IE5\IE5_Uninstall.DLL"

Netscape Communicator 4.7 (Netscape Communicator 4.7)
uninstall cmd: C:\WINDOWS\cd32.exe 4.7 (en)

Compaq Hardware Discovery (Compaq Hardware Discovery)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Hardware Discovery\Uninst.isu"

RioPort Audio Manager (Audio Manager)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RioPort\Audio Manager\Uninst.isu" -c"C:\Program Files\RioPort\Audio Manager\Uninst.dll"

Compaq Diagnostics for Windows (Compaq Diagnostics for Windows)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\WINDOWS\CPQDIAG\DeIsL1.isu -cC:\WINDOWS\CPQDIAG\_ISREG32.DLL

Microsoft Money 2000 Standard (MSMONEYV80)
uninstall cmd: C:\Program Files\Microsoft Money\setup\setup.exe

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM\MACROMED\SHOCKW~2\Install.log

Microsoft Encarta Encyclopedia 2000 (Encarta Encyclopedia 2000 A)
uninstall cmd: "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall

HSP56 MicroModem Drivers (Installing HSP56 MicroModem Drivers)
uninstall cmd: ptuninst.exe

(ADAPTECMASTERKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

(ADAPTECCreateCDKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"

(ADAPTECCreatr32KEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

Adaptec Easy CD Creator 4 (Adaptec Master Setup)
uninstall cmd: "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS

Adaptec DirectCD (DirectCD)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll

(Chl99)

Access Manager (Access Manager)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Sympatico High Speed Edition\Access Manager\Uninst.isu" -c"C:\SYMPAT~1\ACCESS~1\NTSUninstall.dll"

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

(expinst)

(IEREADME)

(HTMLHelp)

(128PATCH)

Foreign Language Advantage 2001 (Foreign Language Advantage 2001)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encore Software\Foreign Language Advantage 2001\Uninst.isu"

StudyWorks 2001 (StudyWorks 2001)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MathSoft\StudyWorks 2001\Uninst.isu" -c"C:\Program Files\MathSoft\StudyWorks 2001\uninst.dll

ICQ (ICQ)
uninstall cmd: C:\PROGRA~1\ICQ\ICQUninstall.EXE

ZipCentral 4.01 4.01 (ZipCentral_is1)
uninstall cmd: "C:\Program Files\ZipCentral\unins000.exe"
publisher: Johan Savås
help link: http://zipcentral.isCool.net

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log

Trellix Web (Trellix2DeinstKey9)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Trellix Web\Uninst.isu"

Print Perfect Suite (Print Perfect Suite)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Pperfect\DeIsL1.isu -cC:\Pperfect\_ISREG32.DLL

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\WINDOWS\TEMP\pft9362~TMP\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

Lexmark Z22-Z32 Series (Lexmark Z22-Z32 Series)
uninstall cmd: LXAEDEL.EXE

(ShockwaveFlash)

Logitech QuickCam (Logitech QuickCam)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\QuickCam\Uninst.isu"

Microsoft NetShow Tools 2.0 (Microsoft NetShow Tools 2.0)
uninstall cmd: C:\Program Files\Microsoft NetShow\Tools\_INSTTOO.EXE /U

(Microsoft NetShow Player 2.0)

EACOM Game Installer (EACOM Game Installer)
uninstall cmd: C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EACOM\GILS\INSTALL.LOG

EA.COM (EA.COM )
uninstall cmd: C:\PROGRA~1\EACOM\UPDATE\UNWISE.EXE C:\PROGRA~1\EACOM\UPDATE\INSTALL.LOG

Easy Translator International (Easy Translator International)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\TLI\Transcend\DeIsL1.isu"

MDL Chime/Chime Pro for Internet Explorer (MDL Chime/Chime Pro for Internet Explorer)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\INTERN~1\Plugins\chime26.isu

QuickTime for Windows (32-bit) (QuickTime32)
uninstall cmd: C:\WINDOWS\QTW32DEL.EXE

Quicktime Browser Plug-In (QuicktimePluginDeinstallKey)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Internet Explorer\plugins\npqtw\DeIsL1.isu"

Arabic Language Support (ARIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AR.inf, Uninstall

Windows Media Player system update (9 Series) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall

(MPlayer2)

Norton AntiVirus 2001 (Norton AntiVirus)
uninstall cmd: "C:\WINDOWS\NAVUSTUB.EXE" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton AntiVirus\nav95.isu" -c"C:\Program Files\Norton AntiVirus\NAVINS95.DLL"

LiveReg (Symantec Corporation) 2.1.5.1502 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
publisher: Symantec Corporation

Rescue Disk (Norton Rescue)

DivX Player 2.1 (DivX Player)
uninstall cmd: C:\Program Files\DivX\DivX Player 2.1\uninstall.bat

DivX Codec (DivX Codec)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log

Paint Shop Pro 7 ESD 7.0.0.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
version: 117440512
version (major): 7
estimated size: 138767
install date: 20030729
install source: c:\windows\TEMP\_is62F3\
uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
publisher: Jasc Software Inc
comments: Paint Shop Pro 7
help link: http://www.jasc.com
help telephone: 952-930-9171
readme: c:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Readme.doc

AOL (Choose which version to remove) (America Online ca)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_ca.exe

(InstallShield Uninstall Information)

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 549665
install date: 20031106
install source: E:\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: c:\Program Files\Microsoft Office\Office\ofread9.txt

Japanese Language Support (JAIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall

Java 2 SDK, SE v1.4.2 1.4.2 ({35A3A4F4-B792-11D6-A78A-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 160768
install date: 20040101
install source: C:\WINDOWS\Local Settings\Application Data\{35A3A4F2-B792-11D6-A78A-00B0D0142000}\
uninstall cmd: MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: no comments
contact: http://java.sun.com
help link: http://java.sun.com
help telephone: http://java.sun.com

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

MSN Messenger 6.1 6.1.0211 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600211})
version: 100729043
version (major): 6
version (minor): 1
estimated size: 9636
install date: 20040409
install source: c:\windows\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}
publisher: Microsoft Corporation

Ad-aware 6 Personal 6.0.1.181 Personal (Ad-aware 6 Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavahelp.com

XviD MPEG-4 Video Codec XviD-1.0-05042004 (XviD_is1)
uninstall cmd: "C:\Program Files\XviD\unins000.exe"
publisher: XviD Team (Koepi)
help link: http://forum.doom9.o...p?s=&forumid=52

Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04 ({7148F0A8-6813-11D6-A77B-00B0D0142040})
version (major): 1
version (minor): 4
estimated size: 221121
install date: 20040612
install source: http://java.sun.com/...5/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

WildTangent Web Driver (WildTangent CDA)
uninstall cmd: C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe

Relaxing Ocean Screen Saver (Relaxing Ocean)
uninstall cmd: C:\WINDOWS\SYSTEM\Relaxing Ocean.scr /u

(IEData)

(IE4Data)

(VGX)

Windows 98 Q823559 Update (Q823559)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\QFE\W98.SE\823559UN.INF

Spybot - Search & Destroy 1.3 1.3 (Spybot - Search & Destroy_is1)
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

#29 ConfusedMonkey

Posted 16 July 2004 - 04:48 PM

Just to update... I just checked start>run>msconfig>startup, and there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe
Should I remove the checkmark? Also, how do I delete some of the listings on there that are no longer being used? For example, I never had TV media and there is a listing for it there. Does that mean it is still present on my computer? Thanks.

#30 WinHelp2002

Posted 16 July 2004 - 07:52 PM

Hi,

a folder in the C:\Windows called Kdx and winsxs.

I have no idea exactly what those folders are.
Microsoft does use "Winsxs" but not usually on Win98 ...

there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe

It's not showing up in your log ...
You may need to edit the Registry manually by searching on:
C:\Windows\system\fonts\system\explorer\mru\smss.exe

Do the same for: TV media
However Ad-Aware and\or SpyBot should pick those up ...

The uninstall and HijackThis log look clean now ... :wave:
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#31 ConfusedMonkey

Posted 17 July 2004 - 12:49 AM

Hi,

a folder in the C:\Windows called Kdx and winsxs.

I have no idea exactly what those folders are.
Microsoft does use "Winsxs" but not usually on Win98 ...
I will leave those folders alone then.

there is a checkmark next to C:\Windows\system\fonts\system\explorer\mru\smss.exe

It's not showing up in your log ...
You may need to edit the Registry manually by searching on:
C:\Windows\system\fonts\system\explorer\mru\smss.exe
I tried searching for it but it does not show up. Should I just remove the checkmark?

Do the same for: TV media
I did find a folder called bsx32 in my C:\ and it has a lot of different files in them that might look like spyware but am not sure. Should I delete it or move it to the Junk folder?

However Ad-Aware and\or SpyBot should pick those up ...
I had many spyware attacks and they mostly got rid of them but it is still showing up on my msconfig startup list so I was just wondering if it is still present on my computer.

The uninstall and HijackThis log look clean now ... :wave:

Woo Hoo! :) Thank you for your continuing help.

#32 ConfusedMonkey

Posted 17 July 2004 - 12:52 AM

I just did a quick scan with HijackThis and it seems that one of the problems is back...

Logfile of HijackThis v1.97.7
Scan saved at 1:52:01 AM, on 7/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8179.9264351852

Should I just put the checkmark next to it and "fix" the problem again?

Edited by ConfusedMonkey, 17 July 2004 - 12:53 AM.


#33 WinHelp2002

Posted 17 July 2004 - 04:02 AM

Hi,
Close all open windows, rescan with HijackThis
Place a check in each of the following then click "Fix checked".

O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe

Then reboot, on restart, Restart in Ms-Dos Mode
From C:\> (type and press Enter after each command)

cd\windows
smartdrv
deltree tempor~1
deltree history
deltree temp
cd\windows\system\fonts\system\explorer\mru
deltree mru


Restart (Ctrl-Alt-Del)

Note: "deltree" will prompt you about deleting, answer (Y) yes

Download HijackThis! 1.98
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
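
The startup entry fixed in post #33 is a file named like a Windows system process (smss.exe) launched from a folder nested under C:\WINDOWS\SYSTEM\fonts. As an added example (not part of the thread and not HijackThis code), this Python script parses the O4 autorun lines of a HijackThis log and flags entries whose file name matches a system process but whose folder is not the expected one; the `EXPECTED_DIRS` baseline and all function names are assumptions made for the example.

```python
import ntpath
import re

# Assumed baseline, not taken from the thread: folders where these Windows
# process names normally live. Adjust it for the system being checked.
NT_SYSTEM = {r"c:\windows\system32", r"c:\winnt\system32"}
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\winnt"},
    "systray.exe": {r"c:\windows\system"} | NT_SYSTEM,
    "smss.exe": NT_SYSTEM,
    "csrss.exe": NT_SYSTEM,
    "lsass.exe": NT_SYSTEM,
    "services.exe": NT_SYSTEM,
    "svchost.exe": NT_SYSTEM,
    "winlogon.exe": NT_SYSTEM,
}

# O4 lines look like:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|scr|pif|cmd))(?=\s|$)", re.I)


def image_path(cmd):
    """Return the program path from an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log):
    """Extract registry autorun entries (O4 lines) from HijackThis log text."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "key": m.group("key"),
                "name": m.group("name"),
                "image": image_path(m.group("cmd")),
            })
    return entries


def masquerading(entries):
    """Return entries named like a system process but stored in another folder."""
    hits = []
    for entry in entries:
        image = ntpath.normcase(entry["image"])  # lower-case, backslashes
        exe, folder = ntpath.basename(image), ntpath.dirname(image)
        expected = EXPECTED_DIRS.get(exe)
        # A bare file name carries no folder, so it cannot be judged here.
        if expected and folder and folder not in expected:
            hits.append(entry)
    return hits


# Constructed sample: five O4 lines copied from the 17 July log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\SYSTEM\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

if __name__ == "__main__":
    for hit in masquerading(parse_o4(SAMPLE_LOG)):
        print("review: [%s] %s (%s)" % (hit["name"], hit["image"], hit["key"]))
```

Entries given as a bare file name, such as `SysTray.Exe`, are not flagged because the log line does not say which folder the file is loaded from.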

#34 ConfusedMonkey

Posted 17 July 2004 - 02:09 PM

Do the same for: TV media

I did find a folder called bsx32 in my C:\ and it has a lot of different files in them that might look like spyware but am not sure. Should I delete it or move it to the Junk folder?

However Ad-Aware and\or SpyBot should pick those up ...

I had many spyware attacks and they mostly got rid of them but it is still showing up on my msconfig startup list so I was just wondering if it is still present on my computer.
____________________________________________________________

I did as the above says, but when I tried to type in cd\windows\system\fonts\system\explorer\mru it said invalid directory.
Then I tried it without the mru and typed in deltree mru, but it did not prompt me about deleting.

Here is my updated HijackThis Log...
Logfile of HijackThis v1.98.0
Scan saved at 3:07:45 PM, on 7/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll

In the previous logs I have never seen this entry. Should it be removed? Thanks. :)

#35 WinHelp2002

Posted 17 July 2004 - 03:17 PM

Hi,

"In the previous logs I have never seen this entry."

HijackThis 1.98 detects a few more entries ...

Spector is perhaps the most powerful and common spyware. It adds several files to the C:\Windows\System directory, including mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, and shmswnrc.dll (all of these are hidden files). The easiest way to determine whether you are under surveillance by Spector is to check for the C:\Windows\System\WebExt directory, which contains files with names like "4F0BF6D8.TPS." There may also be a master log file called "_MSFILEA.TXT", which shows when each capture file starts. The WebExt directory isn't hidden, but it can be changed to another name to make it harder to detect.
http://faculty.ncwc....6/426lect15.htm
http://www.pcworld.c...863,pg,8,00.asp


Close all open windows and browsers, rescan with HijackThis.
Place a check in each of the following then click "Fix checked".

O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Open Windows Explorer to C:\Windows\Temp
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINDOWS\SYSTEM\shmswnrc.dll <--this file

While still in Safe Mode ...
Then "move" those files from "bsx32" to C:\Junk

Then check for (delete) any other existing file from "Spector" mentioned above.

Also does this folder still exist?
C:\windows\system\fonts\system\explorer\mru

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
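
An added example (not part of any post in this thread, and not HijackThis's own code): a Python script that diffs two HijackThis logs entry by entry, so a line like the O21 one asked about above stands out, and checks log lines against the Spector file names quoted in the reply. The two sample logs are constructed excerpts modelled on the logs in this thread, and all function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O21, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VERSION_RE = re.compile(r"^Logfile of HijackThis v(\S+)", re.M)

# File names the reply above attributes to Spector (copied from that post).
SPECTOR_FILES = frozenset({
    "mswnsrvx.cnt", "mswnsrvx.exe", "mswnsrvx.hlp",
    "shmswnmp.dll", "shmswnrc.dll", "_msfilea.txt",
})

# Constructed sample: excerpt in the style of the older logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
"""

# Constructed sample: same machine, newer scanner, 8.3 path form, plus O21.
AFTER = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O21 - SSODL: URLREWIN - {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\shmswnrc.dll
"""


def version_of(log_text):
    """Return the HijackThis version from the log header, or None."""
    m = VERSION_RE.search(log_text)
    return m.group(1) if m else None


def entry_key(code, body):
    """Identity of an entry for diffing.

    When a CLSID is present, the file path after it is ignored, so the same
    object logged once with a long path and once with an 8.3 path is not
    reported as new. Limitation: a changed path under an unchanged CLSID
    is not reported either.
    """
    m = CLSID_RE.search(body)
    ident = body[: m.end()] if m else body
    return (code, ident.lower())


def parse_entries(log_text):
    """Map entry_key -> original line; header and process lines are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(entry_key(m["code"], m["body"]), line)
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entry lines, independent of line order."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


def spector_hits(log_text):
    """Return the Spector file names (lower-cased) that appear in any line."""
    hits = set()
    for line in log_text.splitlines():
        # Split on backslashes and whitespace so path components are tokens.
        tokens = re.split(r"[\\\s]+", line.lower())
        hits.update(SPECTOR_FILES.intersection(tokens))
    return hits


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    print("scanner versions:", version_of(BEFORE), "->", version_of(AFTER))
    for line in added:
        print("NEW    ", line)
    for line in removed:
        print("GONE   ", line)
    print("Spector file names seen:", sorted(spector_hits(AFTER)))
```

When the two logs come from different HijackThis versions, as here, a newly listed section can reflect the scanner upgrade rather than a change on the machine, which is the point the reply makes about 1.98.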

#36 ConfusedMonkey

Posted 17 July 2004 - 05:39 PM

Okay, I found and deleted mswnsrvx.cnt, mswnsrvx.exe, mswnsrvx.hlp, shmswnmp.dll, shmswnrc.dll (they are still in my recycling bin because I forgot to empty out while in safe mode, should I go back to safe mode and empty my recycling bin?) Also I found 2 copies of "_MSFILEA.TXT", should I delete both? One was found in C:\Windows\System\ieext (should I delete the entire folder)? The other copy was found in C:\My Music\Spector and inside the folder there are multiple .spt files (Rasmol script files) should I delete everything in the folder? Also, I moved all of the files from bsx32 to junk and will leave it there for 30 days, if no troubles arise it is safe to delete, right? Is it better if I just save the folder junk on a CD-RW and delete them all off my computer? I was unable to locate the folder C:\Windows\System\Fonts\System\Explore\mru.

Here is my updated HijackThis log...
Logfile of HijackThis v1.98.0
Scan saved at 6:39:45 PM, on 7/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab

#37 WinHelp2002

Posted 17 July 2004 - 09:10 PM

Hi,
Delete:
C:\Windows\System\ieext <--this folder
C:\My Music\Spector <--this folder
_MSFILEA.TXT <--this file

Then empty the Recycle Bin

"Is it better if I just save the folder junk on a CD-RW and delete them"

You can just delete the contents of C:\Junk after a while.
Mike

#38 ConfusedMonkey

Posted 17 July 2004 - 10:11 PM

Here is my newest HijackThis Log. Since I started getting help from this forum my computer has started to run a lot faster. I had a little bit of trouble following the last set of directions given because I restarted and went into safe mode but when I started to delete some of the files I lost control of the mouse. To specify, whenever I would just move the mouse it would start to left-click and right-click on the icons on my desktop, so I continued by using the keyboard. The only files I deleted while not in safe mode were C:\My Music\Spector. I hope this is okay. Would you like me to post my uninstall info log from spybot? Also, are there any files I can download to prevent this from happening again? Thank you very much for your help and I hope this log brings better news. :)

Logfile of HijackThis v1.98.0
Scan saved at 11:07:29 PM, on 7/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab

For all of them that say file missing in brackets, should they be deleted? Also, what are the O16's? Can they be deleted to free up more resources on my computer? Thanks :)

Edited by ConfusedMonkey, 17 July 2004 - 10:13 PM.


#39 ConfusedMonkey

Posted 18 July 2004 - 01:38 AM

Just to update, I have installed IE-SPYADS, SpywareBlaster and Browser Hijack Blaster after reading the recommendations on this website. Do I have to run Browser Hijack Blaster on my taskbar in order for it to work? Also, I just re-checked my C:\ and the folder .netbeans is back and I also have some new files (including hidden files) that I am not sure about.

C:\
Bootlog.prv (hidden)
bootlog.txt (hidden)
Config.sys
detlog.txt (hidden)
drvspace.bin (hidden)
lo.sys (hidden)
jswx.log
logo.sys
Msdos.--- (hidden)
Msdos.sys (hidden)
npdrmv2.dll
npdsplay.dll
npwmsdrm.dll
perform.log
videorom.bin (hidden)

This is after moving the previous files to the C:\Junk folder.

#40 ConfusedMonkey

Posted 18 July 2004 - 01:44 AM

After all the installations I tried to run HijackThis and the program kept freezing at O15 - Trusted Zone Enumeration. I will reboot my computer in a while and see if the problem goes away.

#41 WinHelp2002

Posted 18 July 2004 - 02:50 AM

Hi,

"Do I have to run Browser Hijack Blaster on my taskbar in order for it to work"

I have no idea as I've never used it.
Try using their Support Forum: http://www.wilderssecurity.com/

"I just re-checked my C:\ and the folder .netbeans is back"

I have no idea what that folder is or what is creating it ...

"I also have some new files (including hidden files)"

All those files are fine, most are (MS) files.
Mike

#42 ConfusedMonkey

Posted 18 July 2004 - 12:21 PM

I restarted my computer and I am unable to scan using HijackThis anymore because the program keeps freezing at the point in the scan O15 - Trusted Zone Enumeration. What should I do?

#43 ConfusedMonkey

Posted 18 July 2004 - 12:25 PM

I reinstalled the program and it is working now.

#44 ConfusedMonkey

Posted 18 July 2004 - 12:28 PM

Logfile of HijackThis v1.98.0
Scan saved at 1:26:42 PM, on 7/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNDAL.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab

Why are there so many things with file missing in brackets following? Should I delete those files? Also what are the O16's? Are they needed by my computer or is it safe to delete it to speed up my computer a little more? Thanks.

#45 WinHelp2002

Posted 18 July 2004 - 12:49 PM

Hi,
Your log is clean ... same as it was the last 3 times.

"Why are there so many things with file missing in brackets following?"

That's just the way the new HijackThis detects things, they are not really missing ...

"Also what are the O16's"

O16 - ActiveX Objects (aka Downloaded Program Files)
http://www.spywarein...ogtutorial.html

No, deleting them will not speed up your computer ... :wave:
Mike

#46 ConfusedMonkey

Posted 18 July 2004 - 01:10 PM

"Your log is clean ... same as it was the last 3 times."

Just making sure because of the .netbeans folder reappearing.

Thank you for all of your help and patience. :D :wave:

#47 ConfusedMonkey

Posted 25 July 2004 - 12:17 AM

Logfile of HijackThis v1.98.0
Scan saved at 1:16:39 AM, on 7/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SYMPATICO HIGH SPEED EDITION\ACCESS MANAGER\APP\ACCESSMANAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab

I am getting a message at startup that states that I already have an updated version of iexplore.exe. Should I "Fix" this entry in my HijackThis log?

#48 WinHelp2002

Posted 25 July 2004 - 03:04 AM

Hi,
Looks like you are infected again ...

Close all open windows and browsers, rescan with HijackThis.
Place a check in each of the following then click "Fix checked".

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe


Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Open Windows Explorer to C:\Windows\Temp
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer, locate and delete the following:

C:\WINDOWS\iexplore.exe <--this file

After the above, reboot, rescan with HijackThis and post a fresh log ...

I would suggest adding some "Defense" to your system ...
How To: Prevent this from happening again?
Mike

#49 ConfusedMonkey

Posted 25 July 2004 - 04:18 PM

Here is the new log. I am currently in the process of adding some "defense" but I already have spyware blaster and it didn't seem to help.

Logfile of HijackThis v1.98.0
Scan saved at 5:16:54 PM, on 7/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD FILES\OTHER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ticketmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .pdf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...kII/install.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw7fd.law7.ho...ex/HMAtchmt.ocx
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/do...py/iesnoopy.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...253/mcfscan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
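
Added example, not part of the original posts and not part of HijackThis: a short Python check that flags startup (O4) entries where a well-known Windows binary name is launched from an unexpected folder, as with the `[Explorer] C:\WINDOWS\iexplore.exe` entry fixed above, and that diffs the before and after logs to confirm the entry is gone. The `EXPECTED_DIR` table and all function names are assumptions made for this illustration.

```python
import re

# O4 (startup) lines excerpted from the two logs posted above.
BEFORE = r'''
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
'''
AFTER = r'''
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
'''

# Assumption: default install folders of binaries whose names are often imitated.
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log):
    """Return (hive, value name, command line) for every O4 line in a log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], m["cmd"]))
    return entries

def image_path(cmd):
    """Extract the executable path from a quoted or unquoted command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def masquerading(entries):
    """Flag entries whose file name is a known binary but whose folder is not the expected one."""
    flagged = []
    for hive, name, cmd in entries:
        folder, _, exe = image_path(cmd).lower().rpartition("\\")
        expected = EXPECTED_DIR.get(exe)
        # Bare file names carry no folder to judge, so only full paths are checked.
        if expected and folder and folder != expected:
            flagged.append((hive, name, cmd))
    return flagged

def removed(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(parse_o4(after))
    return [e for e in parse_o4(before) if e not in later]

if __name__ == "__main__":
    print("suspicious before fix:", masquerading(parse_o4(BEFORE)))
    print("suspicious after fix: ", masquerading(parse_o4(AFTER)))
    print("removed by the fix:   ", removed(BEFORE, AFTER))
```

A clean result here only means no known name sits in an unexpected folder; it does not replace reviewing the rest of the log.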

#50 ConfusedMonkey

Posted 25 July 2004 - 04:21 PM

Just an additional question. I was in the process of installing the Hosts file and it asked if I would like to re-write the previous file. Do I click yes?


*Edit: I clicked yes to replace the file with the new version.

Edited by ConfusedMonkey, 25 July 2004 - 04:23 PM.




