bmorton

Browser Redirected

17 posts in this topic

I have run all the spy software available (adware, spybot, cwshredder, coolwebsclear, kill2me). Also have cleared files with ccleaner.

Here are the symptoms:

1. Browser home page being modified every time I go into and out of IE and at system startup. AD WATCH is catching this. However, other symptoms continue.

The site it is currently setting is "res://hchoa.dll/indes/htm#37049". Another site (I did not document) was being set prior to using ADWARE. Since adware this is the setting.

2. ADWARE shows hchoa.dll is suspect. I remove it but it comes back.

3. Accessing site really becomes slow until entire system hangs.

4. Some occasions IE starts spawning quite a few Explorer processes that start with "Searching for ....".

Ran HijackThis; log is as follows:

Logfile of HijackThis v1.98.0

Scan saved at 5:10:39 PM, on 7/27/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\D3SN.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

C:\PROGRAM FILES\MSOFFICE\OFFICE\WINWORD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hchoa.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hchoa.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hchoa.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

R3 - Default URLSearchHook is missing

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL (file missing)

O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)

O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)

O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRAM FILES\ANONYMIZER\CORE\ANONYMIZER.DLL (file missing)

O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRAM FILES\ALADDIN SYSTEMS\INTERNET CLEANUP\POPFILTR.DLL (file missing)

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IEQI\IEQI.DLL (file missing)

O2 - BHO: Class - {FC8FA69B-FBF5-C176-1082-0905AB77E3AF} - C:\WINDOWS\SYSTEM\WINYR.DLL (file missing)

O2 - BHO: ì6Ë’7=9?ë>+ÚðÎ@ - Data - (no file)

O2 - BHO: Class - {CC0CF1A3-63B9-E911-72FC-7746570414B2} - C:\WINDOWS\SYSTEM\MFCGG.DLL (file missing)

O2 - BHO: Class - {1CBAA6B1-D64E-A9DE-F1C9-853D1F9FC732} - C:\WINDOWS\SYSTEM\APPJK32.DLL (file missing)

O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\APIVF32.DLL (file missing)

O2 - BHO: Class - {75C0CE90-77B0-474A-9042-569FE1520654} - C:\WINDOWS\SYSTEM\WINBV.DLL (file missing)

O2 - BHO: Class - {E436CD32-AE4D-738A-E06E-D227AC75B577} - C:\WINDOWS\APIKB32.DLL (file missing)

O2 - BHO: Class - {EC2CF18F-71F2-5369-7AA5-B038B7715F1A} - C:\WINDOWS\SYSTEM\ADDYO.DLL (file missing)

O2 - BHO: Class - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\WINDOWS\WINMW32.DLL (file missing)

O2 - BHO: Class - {587707A9-FC34-782E-821D-EE35D04D6F9D} - C:\WINDOWS\ADDCT.DLL (file missing)

O2 - BHO: Class - {A36795B7-C66F-30E1-24FB-CE2A8EB3E7E1} - C:\WINDOWS\SYSTEM\SDKSH32.DLL (file missing)

O2 - BHO: Class - {06C29B2B-EEBB-14DC-0A66-F0ED8226BB00} - C:\WINDOWS\SYSTEM\MFCWB.DLL (file missing)

O2 - BHO: Class - {AAF49E2D-5238-7996-454E-F46EB882598D} - C:\WINDOWS\SYSTEM\D3SC.DLL (file missing)

O2 - BHO: Class - {617458C6-6E17-07E1-3E8F-4F74E109BF8F} - C:\WINDOWS\NETGZ32.DLL (file missing)

O2 - BHO: Class - {848DC661-460C-1759-2257-AF74EE2D55E8} - C:\WINDOWS\SYSTEM\WINIP32.DLL (file missing)

O2 - BHO: Class - {99DA5AB8-7087-E065-9435-7E1E655BB58E} - C:\WINDOWS\SYSTEM\APIZU.DLL (file missing)

O2 - BHO: Class - {1E8A5464-4ACA-194D-5E29-E07DCDD5972E} - C:\WINDOWS\SYSTEM\D3SB.DLL (file missing)

O2 - BHO: Class - {0CFC42C2-E994-BF8E-9D53-9FBECF61038E} - C:\WINDOWS\SYSTEM\D3QW32.DLL (file missing)

O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\WINAQ32.DLL (file missing)

O2 - BHO: Class - {A460D84A-E7E5-234E-7E11-AFF0CC22C181} - C:\WINDOWS\SYSTEM\MFCDL.DLL (file missing)

O2 - BHO: Class - {4F50B7F2-A038-D4A8-1978-9247661F76F7} - C:\WINDOWS\SYSTEM\ADDCZ32.DLL (file missing)

O2 - BHO: Class - {5B571395-D542-0087-653F-7C09A44F7F9B} - C:\WINDOWS\APPIO32.DLL (file missing)

O2 - BHO: Class - {B1EC0AC1-B601-E3C9-0088-A958BCC19DD7} - C:\WINDOWS\ATLGS.DLL (file missing)

O2 - BHO: Class - {5C0DA137-C7E7-0030-01E6-36822B1A2293} - C:\WINDOWS\SYSTEM\APPKA32.DLL (file missing)

O2 - BHO: Class - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - C:\WINDOWS\NTZX32.DLL (file missing)

O2 - BHO: Class - {0A8CC5AD-6CB8-94A8-FEF2-BEB1C9592B9F} - C:\WINDOWS\ADDDE.DLL (file missing)

O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL (file missing)

O2 - BHO: Class - {319AAF29-5AF7-424D-A2BF-652F766BFD22} - C:\WINDOWS\MSEF.DLL (file missing)

O2 - BHO: Class - {A18BBD1A-155E-061F-CEC3-1D1D0FD001AD} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {014AA13A-49F9-5D06-3090-AFE8A6A99EB3} - C:\WINDOWS\SYSTEM\D3UW.DLL (file missing)

O2 - BHO: Class - {58A3B827-E558-6A95-E4CB-C1818FB35C24} - C:\WINDOWS\SYSTEM\D3OY.DLL (file missing)

O2 - BHO: Class - {0E04E44F-DABB-A3E6-D044-F99125738982} - C:\WINDOWS\SYSTEM\MFCVU.DLL (file missing)

O2 - BHO: Class - {2622A7EE-A486-8EBC-94F7-84B63486BC92} - C:\WINDOWS\SYSTEM\MSNM.DLL (file missing)

O2 - BHO: Class - {4B034615-6EB7-64E3-324F-7E2D83C47C51} - C:\WINDOWS\SYSTEM\IPAL.DLL (file missing)

O2 - BHO: Class - {72A39AEF-DD4E-4E16-F75A-38EC18D3FF84} - C:\WINDOWS\SYSTEM\APPCH32.DLL (file missing)

O2 - BHO: Class - {055BB011-24C0-044F-1AC2-0DD6BE5F0059} - C:\WINDOWS\WINJK.DLL (file missing)

O2 - BHO: Class - {8008A5E4-E7E0-D626-819E-2CABC19B791F} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {4A515210-1CD0-C708-D58B-235E88247714} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {180FCABA-EF31-938C-9338-3DC66EBCF1D1} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)

O2 - BHO: Class - {199374E3-93D9-A3DC-ECFD-83B509626878} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {FF1366ED-9E07-B33B-4476-0FAE65FC41AE} - C:\WINDOWS\SYSXL32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - HKLM\..\RunServices: [D3SN.EXE] C:\WINDOWS\D3SN.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL

Edited by bmorton


Help!!!!! Things are getting really bad. Cannot use my system for more than 20 minutes. "Search" windows are being spawned (dozens) and eventually everything hangs.

Here is the latest log

 

Logfile of HijackThis v1.98.0

Scan saved at 9:23:04 AM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\D3SN.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

R3 - Default URLSearchHook is missing

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL (file missing)

O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)

O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)

O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRAM FILES\ANONYMIZER\CORE\ANONYMIZER.DLL (file missing)

O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRAM FILES\ALADDIN SYSTEMS\INTERNET CLEANUP\POPFILTR.DLL (file missing)

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IEQI\IEQI.DLL (file missing)

O2 - BHO: Class - {FC8FA69B-FBF5-C176-1082-0905AB77E3AF} - C:\WINDOWS\SYSTEM\WINYR.DLL (file missing)

O2 - BHO: ì6Ë’7=9?ë>+ÚðÎ@ - Data - (no file)

O2 - BHO: Class - {CC0CF1A3-63B9-E911-72FC-7746570414B2} - C:\WINDOWS\SYSTEM\MFCGG.DLL (file missing)

O2 - BHO: Class - {1CBAA6B1-D64E-A9DE-F1C9-853D1F9FC732} - C:\WINDOWS\SYSTEM\APPJK32.DLL (file missing)

O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\APIVF32.DLL (file missing)

O2 - BHO: Class - {75C0CE90-77B0-474A-9042-569FE1520654} - C:\WINDOWS\SYSTEM\WINBV.DLL (file missing)

O2 - BHO: Class - {E436CD32-AE4D-738A-E06E-D227AC75B577} - C:\WINDOWS\APIKB32.DLL (file missing)

O2 - BHO: Class - {EC2CF18F-71F2-5369-7AA5-B038B7715F1A} - C:\WINDOWS\SYSTEM\ADDYO.DLL (file missing)

O2 - BHO: Class - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\WINDOWS\WINMW32.DLL (file missing)

O2 - BHO: Class - {587707A9-FC34-782E-821D-EE35D04D6F9D} - C:\WINDOWS\ADDCT.DLL (file missing)

O2 - BHO: Class - {A36795B7-C66F-30E1-24FB-CE2A8EB3E7E1} - C:\WINDOWS\SYSTEM\SDKSH32.DLL (file missing)

O2 - BHO: Class - {06C29B2B-EEBB-14DC-0A66-F0ED8226BB00} - C:\WINDOWS\SYSTEM\MFCWB.DLL (file missing)

O2 - BHO: Class - {AAF49E2D-5238-7996-454E-F46EB882598D} - C:\WINDOWS\SYSTEM\D3SC.DLL (file missing)

O2 - BHO: Class - {617458C6-6E17-07E1-3E8F-4F74E109BF8F} - C:\WINDOWS\NETGZ32.DLL (file missing)

O2 - BHO: Class - {848DC661-460C-1759-2257-AF74EE2D55E8} - C:\WINDOWS\SYSTEM\WINIP32.DLL (file missing)

O2 - BHO: Class - {99DA5AB8-7087-E065-9435-7E1E655BB58E} - C:\WINDOWS\SYSTEM\APIZU.DLL (file missing)

O2 - BHO: Class - {1E8A5464-4ACA-194D-5E29-E07DCDD5972E} - C:\WINDOWS\SYSTEM\D3SB.DLL (file missing)

O2 - BHO: Class - {0CFC42C2-E994-BF8E-9D53-9FBECF61038E} - C:\WINDOWS\SYSTEM\D3QW32.DLL (file missing)

O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\WINAQ32.DLL (file missing)

O2 - BHO: Class - {A460D84A-E7E5-234E-7E11-AFF0CC22C181} - C:\WINDOWS\SYSTEM\MFCDL.DLL (file missing)

O2 - BHO: Class - {4F50B7F2-A038-D4A8-1978-9247661F76F7} - C:\WINDOWS\SYSTEM\ADDCZ32.DLL (file missing)

O2 - BHO: Class - {5B571395-D542-0087-653F-7C09A44F7F9B} - C:\WINDOWS\APPIO32.DLL (file missing)

O2 - BHO: Class - {B1EC0AC1-B601-E3C9-0088-A958BCC19DD7} - C:\WINDOWS\ATLGS.DLL (file missing)

O2 - BHO: Class - {5C0DA137-C7E7-0030-01E6-36822B1A2293} - C:\WINDOWS\SYSTEM\APPKA32.DLL (file missing)

O2 - BHO: Class - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - C:\WINDOWS\NTZX32.DLL (file missing)

O2 - BHO: Class - {0A8CC5AD-6CB8-94A8-FEF2-BEB1C9592B9F} - C:\WINDOWS\ADDDE.DLL (file missing)

O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL (file missing)

O2 - BHO: Class - {319AAF29-5AF7-424D-A2BF-652F766BFD22} - C:\WINDOWS\MSEF.DLL (file missing)

O2 - BHO: Class - {A18BBD1A-155E-061F-CEC3-1D1D0FD001AD} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {014AA13A-49F9-5D06-3090-AFE8A6A99EB3} - C:\WINDOWS\SYSTEM\D3UW.DLL (file missing)

O2 - BHO: Class - {58A3B827-E558-6A95-E4CB-C1818FB35C24} - C:\WINDOWS\SYSTEM\D3OY.DLL (file missing)

O2 - BHO: Class - {0E04E44F-DABB-A3E6-D044-F99125738982} - C:\WINDOWS\SYSTEM\MFCVU.DLL (file missing)

O2 - BHO: Class - {2622A7EE-A486-8EBC-94F7-84B63486BC92} - C:\WINDOWS\SYSTEM\MSNM.DLL (file missing)

O2 - BHO: Class - {4B034615-6EB7-64E3-324F-7E2D83C47C51} - C:\WINDOWS\SYSTEM\IPAL.DLL (file missing)

O2 - BHO: Class - {72A39AEF-DD4E-4E16-F75A-38EC18D3FF84} - C:\WINDOWS\SYSTEM\APPCH32.DLL (file missing)

O2 - BHO: Class - {055BB011-24C0-044F-1AC2-0DD6BE5F0059} - C:\WINDOWS\WINJK.DLL (file missing)

O2 - BHO: Class - {8008A5E4-E7E0-D626-819E-2CABC19B791F} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {4A515210-1CD0-C708-D58B-235E88247714} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {180FCABA-EF31-938C-9338-3DC66EBCF1D1} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)

O2 - BHO: Class - {199374E3-93D9-A3DC-ECFD-83B509626878} - C:\WINDOWS\SYSXL32.DLL

O2 - BHO: Class - {FF1366ED-9E07-B33B-4476-0FAE65FC41AE} - C:\WINDOWS\SYSXL32.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL


hey

 

Go here http://www.downloads.subratam.org/AboutBuster.zip unzip to the desktop.

 

Reboot into safe mode by tapping F8 while it's booting. Open up about:buster. Read the directions. Then click OK. Click update and look for an update; if there's one, download it. Then click scan, save the log from each scan of course, it'll scan twice. When done, boot back into normal mode, post both about:buster logs and a new hijackthis log.


Thanks for the help

 

Ran AboutBuster log:

-- Scan 1 --------

About:Buster Version 2.0

Removed! : C:\WINDOWS\qrghav.dat

Removed! : C:\WINDOWS\d3sn.exe

Removed! : C:\WINDOWS\hchoa.dat

Removed! : C:\WINDOWS\hchoa.dll

Removed! : C:\WINDOWS\ezeewz.dat

Removed! : C:\WINDOWS\urdtm.dat

Removed! : C:\WINDOWS\gzoan.dat

Removed! : C:\WINDOWS\sysxl32.dll

Removed! : C:\WINDOWS\d3dx.exe

Removed! : C:\WINDOWS\addou32.exe

Removed! : C:\WINDOWS\n_uqzasb.dat

Removed! : C:\WINDOWS\jrfjw.dat

Removed! : C:\WINDOWS\pkbnr.dat

Removed! : C:\WINDOWS\SYSTEM\shhbs.dat

Removed! : C:\WINDOWS\SYSTEM\addlj.exe

Removed! : C:\WINDOWS\SYSTEM\apiiy.exe

Removed! : C:\WINDOWS\SYSTEM\ronbo.dat

Removed! : C:\WINDOWS\SYSTEM\pdopb.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 2.0

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

HijackThis log now:

Logfile of HijackThis v1.98.0

Scan saved at 11:21:04 AM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

R3 - Default URLSearchHook is missing

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL (file missing)

O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)

O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)

O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRAM FILES\ANONYMIZER\CORE\ANONYMIZER.DLL (file missing)

O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRAM FILES\ALADDIN SYSTEMS\INTERNET CLEANUP\POPFILTR.DLL (file missing)

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IEQI\IEQI.DLL (file missing)

O2 - BHO: Class - {FC8FA69B-FBF5-C176-1082-0905AB77E3AF} - C:\WINDOWS\SYSTEM\WINYR.DLL (file missing)

O2 - BHO: ì6Ë’7=9?ë>+ÚðÎ@ - Data - (no file)

O2 - BHO: Class - {CC0CF1A3-63B9-E911-72FC-7746570414B2} - C:\WINDOWS\SYSTEM\MFCGG.DLL (file missing)

O2 - BHO: Class - {1CBAA6B1-D64E-A9DE-F1C9-853D1F9FC732} - C:\WINDOWS\SYSTEM\APPJK32.DLL (file missing)

O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\APIVF32.DLL (file missing)

O2 - BHO: Class - {75C0CE90-77B0-474A-9042-569FE1520654} - C:\WINDOWS\SYSTEM\WINBV.DLL (file missing)

O2 - BHO: Class - {E436CD32-AE4D-738A-E06E-D227AC75B577} - C:\WINDOWS\APIKB32.DLL (file missing)

O2 - BHO: Class - {EC2CF18F-71F2-5369-7AA5-B038B7715F1A} - C:\WINDOWS\SYSTEM\ADDYO.DLL (file missing)

O2 - BHO: Class - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\WINDOWS\WINMW32.DLL (file missing)

O2 - BHO: Class - {587707A9-FC34-782E-821D-EE35D04D6F9D} - C:\WINDOWS\ADDCT.DLL (file missing)

O2 - BHO: Class - {A36795B7-C66F-30E1-24FB-CE2A8EB3E7E1} - C:\WINDOWS\SYSTEM\SDKSH32.DLL (file missing)

O2 - BHO: Class - {06C29B2B-EEBB-14DC-0A66-F0ED8226BB00} - C:\WINDOWS\SYSTEM\MFCWB.DLL (file missing)

O2 - BHO: Class - {AAF49E2D-5238-7996-454E-F46EB882598D} - C:\WINDOWS\SYSTEM\D3SC.DLL (file missing)

O2 - BHO: Class - {617458C6-6E17-07E1-3E8F-4F74E109BF8F} - C:\WINDOWS\NETGZ32.DLL (file missing)

O2 - BHO: Class - {848DC661-460C-1759-2257-AF74EE2D55E8} - C:\WINDOWS\SYSTEM\WINIP32.DLL (file missing)

O2 - BHO: Class - {99DA5AB8-7087-E065-9435-7E1E655BB58E} - C:\WINDOWS\SYSTEM\APIZU.DLL (file missing)

O2 - BHO: Class - {1E8A5464-4ACA-194D-5E29-E07DCDD5972E} - C:\WINDOWS\SYSTEM\D3SB.DLL (file missing)

O2 - BHO: Class - {0CFC42C2-E994-BF8E-9D53-9FBECF61038E} - C:\WINDOWS\SYSTEM\D3QW32.DLL (file missing)

O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\WINAQ32.DLL (file missing)

O2 - BHO: Class - {A460D84A-E7E5-234E-7E11-AFF0CC22C181} - C:\WINDOWS\SYSTEM\MFCDL.DLL (file missing)

O2 - BHO: Class - {4F50B7F2-A038-D4A8-1978-9247661F76F7} - C:\WINDOWS\SYSTEM\ADDCZ32.DLL (file missing)

O2 - BHO: Class - {5B571395-D542-0087-653F-7C09A44F7F9B} - C:\WINDOWS\APPIO32.DLL (file missing)

O2 - BHO: Class - {B1EC0AC1-B601-E3C9-0088-A958BCC19DD7} - C:\WINDOWS\ATLGS.DLL (file missing)

O2 - BHO: Class - {5C0DA137-C7E7-0030-01E6-36822B1A2293} - C:\WINDOWS\SYSTEM\APPKA32.DLL (file missing)

O2 - BHO: Class - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - C:\WINDOWS\NTZX32.DLL (file missing)

O2 - BHO: Class - {0A8CC5AD-6CB8-94A8-FEF2-BEB1C9592B9F} - C:\WINDOWS\ADDDE.DLL (file missing)

O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL (file missing)

O2 - BHO: Class - {319AAF29-5AF7-424D-A2BF-652F766BFD22} - C:\WINDOWS\MSEF.DLL (file missing)

O2 - BHO: Class - {A18BBD1A-155E-061F-CEC3-1D1D0FD001AD} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {014AA13A-49F9-5D06-3090-AFE8A6A99EB3} - C:\WINDOWS\SYSTEM\D3UW.DLL (file missing)

O2 - BHO: Class - {58A3B827-E558-6A95-E4CB-C1818FB35C24} - C:\WINDOWS\SYSTEM\D3OY.DLL (file missing)

O2 - BHO: Class - {0E04E44F-DABB-A3E6-D044-F99125738982} - C:\WINDOWS\SYSTEM\MFCVU.DLL (file missing)

O2 - BHO: Class - {2622A7EE-A486-8EBC-94F7-84B63486BC92} - C:\WINDOWS\SYSTEM\MSNM.DLL (file missing)

O2 - BHO: Class - {4B034615-6EB7-64E3-324F-7E2D83C47C51} - C:\WINDOWS\SYSTEM\IPAL.DLL (file missing)

O2 - BHO: Class - {72A39AEF-DD4E-4E16-F75A-38EC18D3FF84} - C:\WINDOWS\SYSTEM\APPCH32.DLL (file missing)

O2 - BHO: Class - {055BB011-24C0-044F-1AC2-0DD6BE5F0059} - C:\WINDOWS\WINJK.DLL (file missing)

O2 - BHO: Class - {8008A5E4-E7E0-D626-819E-2CABC19B791F} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {4A515210-1CD0-C708-D58B-235E88247714} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {180FCABA-EF31-938C-9338-3DC66EBCF1D1} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)

O2 - BHO: Class - {199374E3-93D9-A3DC-ECFD-83B509626878} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {FF1366ED-9E07-B33B-4476-0FAE65FC41AE} - C:\WINDOWS\SYSXL32.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL


hey, open hijackthis, and fix the following with no browser windows open:

 

R3 - Default URLSearchHook is missing

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL (file missing)

O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\SYSTEM\VEG32.DLL (file missing)

O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - (no file)

O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRAM FILES\ANONYMIZER\CORE\ANONYMIZER.DLL (file missing)

O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRAM FILES\ALADDIN SYSTEMS\INTERNET CLEANUP\POPFILTR.DLL (file missing)

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IEQI\IEQI.DLL (file missing)

O2 - BHO: Class - {FC8FA69B-FBF5-C176-1082-0905AB77E3AF} - C:\WINDOWS\SYSTEM\WINYR.DLL (file missing)

O2 - BHO: ì6Ë’7=9?ë>+ÚðÎ@ - Data - (no file)

O2 - BHO: Class - {CC0CF1A3-63B9-E911-72FC-7746570414B2} - C:\WINDOWS\SYSTEM\MFCGG.DLL (file missing)

O2 - BHO: Class - {1CBAA6B1-D64E-A9DE-F1C9-853D1F9FC732} - C:\WINDOWS\SYSTEM\APPJK32.DLL (file missing)

O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\APIVF32.DLL (file missing)

O2 - BHO: Class - {75C0CE90-77B0-474A-9042-569FE1520654} - C:\WINDOWS\SYSTEM\WINBV.DLL (file missing)

O2 - BHO: Class - {E436CD32-AE4D-738A-E06E-D227AC75B577} - C:\WINDOWS\APIKB32.DLL (file missing)

O2 - BHO: Class - {EC2CF18F-71F2-5369-7AA5-B038B7715F1A} - C:\WINDOWS\SYSTEM\ADDYO.DLL (file missing)

O2 - BHO: Class - {877B338B-0B25-FB35-72B8-272EF3FF6CDC} - C:\WINDOWS\WINMW32.DLL (file missing)

O2 - BHO: Class - {587707A9-FC34-782E-821D-EE35D04D6F9D} - C:\WINDOWS\ADDCT.DLL (file missing)

O2 - BHO: Class - {A36795B7-C66F-30E1-24FB-CE2A8EB3E7E1} - C:\WINDOWS\SYSTEM\SDKSH32.DLL (file missing)

O2 - BHO: Class - {06C29B2B-EEBB-14DC-0A66-F0ED8226BB00} - C:\WINDOWS\SYSTEM\MFCWB.DLL (file missing)

O2 - BHO: Class - {AAF49E2D-5238-7996-454E-F46EB882598D} - C:\WINDOWS\SYSTEM\D3SC.DLL (file missing)

O2 - BHO: Class - {617458C6-6E17-07E1-3E8F-4F74E109BF8F} - C:\WINDOWS\NETGZ32.DLL (file missing)

O2 - BHO: Class - {848DC661-460C-1759-2257-AF74EE2D55E8} - C:\WINDOWS\SYSTEM\WINIP32.DLL (file missing)

O2 - BHO: Class - {99DA5AB8-7087-E065-9435-7E1E655BB58E} - C:\WINDOWS\SYSTEM\APIZU.DLL (file missing)

O2 - BHO: Class - {1E8A5464-4ACA-194D-5E29-E07DCDD5972E} - C:\WINDOWS\SYSTEM\D3SB.DLL (file missing)

O2 - BHO: Class - {0CFC42C2-E994-BF8E-9D53-9FBECF61038E} - C:\WINDOWS\SYSTEM\D3QW32.DLL (file missing)

O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\WINAQ32.DLL (file missing)

O2 - BHO: Class - {A460D84A-E7E5-234E-7E11-AFF0CC22C181} - C:\WINDOWS\SYSTEM\MFCDL.DLL (file missing)

O2 - BHO: Class - {4F50B7F2-A038-D4A8-1978-9247661F76F7} - C:\WINDOWS\SYSTEM\ADDCZ32.DLL (file missing)

O2 - BHO: Class - {5B571395-D542-0087-653F-7C09A44F7F9B} - C:\WINDOWS\APPIO32.DLL (file missing)

O2 - BHO: Class - {B1EC0AC1-B601-E3C9-0088-A958BCC19DD7} - C:\WINDOWS\ATLGS.DLL (file missing)

O2 - BHO: Class - {5C0DA137-C7E7-0030-01E6-36822B1A2293} - C:\WINDOWS\SYSTEM\APPKA32.DLL (file missing)

O2 - BHO: Class - {8A5F0FCE-B4C7-C116-D92B-0B255A0B1010} - C:\WINDOWS\NTZX32.DLL (file missing)

O2 - BHO: Class - {0A8CC5AD-6CB8-94A8-FEF2-BEB1C9592B9F} - C:\WINDOWS\ADDDE.DLL (file missing)

O2 - BHO: Class - {46BCC53C-16A6-B232-32BE-A6A734001028} - C:\WINDOWS\SYSTEM\SDKNO.DLL (file missing)

O2 - BHO: Class - {319AAF29-5AF7-424D-A2BF-652F766BFD22} - C:\WINDOWS\MSEF.DLL (file missing)

O2 - BHO: Class - {A18BBD1A-155E-061F-CEC3-1D1D0FD001AD} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {014AA13A-49F9-5D06-3090-AFE8A6A99EB3} - C:\WINDOWS\SYSTEM\D3UW.DLL (file missing)

O2 - BHO: Class - {58A3B827-E558-6A95-E4CB-C1818FB35C24} - C:\WINDOWS\SYSTEM\D3OY.DLL (file missing)

O2 - BHO: Class - {0E04E44F-DABB-A3E6-D044-F99125738982} - C:\WINDOWS\SYSTEM\MFCVU.DLL (file missing)

O2 - BHO: Class - {2622A7EE-A486-8EBC-94F7-84B63486BC92} - C:\WINDOWS\SYSTEM\MSNM.DLL (file missing)

O2 - BHO: Class - {4B034615-6EB7-64E3-324F-7E2D83C47C51} - C:\WINDOWS\SYSTEM\IPAL.DLL (file missing)

O2 - BHO: Class - {72A39AEF-DD4E-4E16-F75A-38EC18D3FF84} - C:\WINDOWS\SYSTEM\APPCH32.DLL (file missing)

O2 - BHO: Class - {055BB011-24C0-044F-1AC2-0DD6BE5F0059} - C:\WINDOWS\WINJK.DLL (file missing)

O2 - BHO: Class - {8008A5E4-E7E0-D626-819E-2CABC19B791F} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {4A515210-1CD0-C708-D58B-235E88247714} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {180FCABA-EF31-938C-9338-3DC66EBCF1D1} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)

O2 - BHO: Class - {199374E3-93D9-A3DC-ECFD-83B509626878} - C:\WINDOWS\SYSXL32.DLL (file missing)

O2 - BHO: Class - {FF1366ED-9E07-B33B-4476-0FAE65FC41AE} - C:\WINDOWS\SYSXL32.DLL (file missing)

 

reboot your computer.

 

Post a new log.


Thanks

 

Here you go:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:32:07 PM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL


have hijackthis fix the following with no browser windows open:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

 

reboot into safe mode.

 

find and delete:

 

C:\WINDOWS\MFCEE32.EXE

 

empty recycling bin and post a new log.


Thanks, all is done. C:\WINDOWS\MFCEE32.EXE. To be sure, I scanned for it elsewhere and did not find it.

 

Logfile of HijackThis v1.98.0

Scan saved at 1:37:13 PM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL


fix the following with hijackthis, no browser windows open:

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

 

reboot your computer and post a new log.


Done. Interesting that the hchoa.dll and MFCEE32.EXE keep coming back?

 

Logfile of HijackThis v1.98.0

Scan saved at 2:19:21 PM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL


hey, boot into safe mode by tapping F8 while it's booting up... have hijackthis fix the following with nothing open, except hijackthis:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

 

reboot your computer back into normal mode and post a new log.


Did it. If I look at the log after the fix but before I reboot from safe mode, the changes were done. However, once I reboot, the entries are back! I have included both logs.

 

While still in safe mode but after the fix:

 

Logfile of HijackThis v1.98.0

Scan saved at 3:03:26 PM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL

 

Log after reboot to normal mode:

 

Logfile of HijackThis v1.98.0

Scan saved at 3:11:09 PM, on 7/30/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\IE UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;;localhost;<local>

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Ad-watch] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\Ad-watch.exe"

O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp instant support.lnk = c:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe

O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Startup: Billminder.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}\NewShortcut1.exe

O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM FILES\ENCOMPASS\V1MK.DLL

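The comparison made by eye in the post above (fix list, safe-mode log after the fix, log after the normal reboot) can be done mechanically. This is an added example, not part of the original thread and not a HijackThis feature; the function names are made up for illustration, and the three inputs are abbreviated excerpts of the fix list and the 3:03:26 PM and 3:11:09 PM logs posted above.

```python
import re

# HijackThis item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - " and the entry detail. Header and "Running processes" lines
# do not match and are ignored.
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+)$")


def parse_items(log_text):
    """Return the set of (section, detail) items found in a HijackThis log."""
    items = set()
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.add((m.group("section"), m.group("detail").strip()))
    return items


def not_removed(fix_list, after_fix_log):
    """Items that were on the fix list but are still in the log taken right
    after the fix: the fix itself did not take."""
    return sorted(parse_items(fix_list) & parse_items(after_fix_log))


def regenerated(fix_list, after_fix_log, after_reboot_log):
    """Items that were fixed, absent right after the fix, and present again
    after the reboot: something that runs at startup is rewriting them."""
    removed = parse_items(fix_list) - parse_items(after_fix_log)
    return sorted(removed & parse_items(after_reboot_log))


def by_section(items):
    """Count items per HijackThis section code, e.g. {'O4': 1, 'R1': 4}."""
    counts = {}
    for section, _detail in items:
        counts[section] = counts.get(section, 0) + 1
    return counts


# Fix list from the helper's safe-mode instructions in the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html
O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE
"""

# Abbreviated excerpt of the safe-mode log taken after the fix.
SAFE_MODE_LOG = r"""
Logfile of HijackThis v1.98.0
Scan saved at 3:03:26 PM, on 7/30/04
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
"""

# Abbreviated excerpt of the log taken after rebooting into normal mode.
NORMAL_MODE_LOG = r"""
Logfile of HijackThis v1.98.0
Scan saved at 3:11:09 PM, on 7/30/04
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hchoa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gump.net/search/index.html
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCEE32.EXE] C:\WINDOWS\MFCEE32.EXE
"""

if __name__ == "__main__":
    stuck = not_removed(FIX_LIST, SAFE_MODE_LOG)
    back = regenerated(FIX_LIST, SAFE_MODE_LOG, NORMAL_MODE_LOG)
    print("still present right after the fix:", len(stuck))
    print("removed, then back after reboot:", by_section(back))
    for section, detail in back:
        print(f"  {section} - {detail}")
```

Every fixed item lands in the regenerated set and none in the not-removed set, which matches what the poster reports: the fix succeeds in safe mode and the entries are rewritten during the normal-mode startup.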

Hello

 

Do this:

 

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

 

Install the program and launch it.

 

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

 

Next, we need to configure Ad-aware for a full scan.

 

Click on the Gear icon (second from the left) to access the preferences/settings window.

 

1. In the General window make sure the following are selected:

  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:

  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
    • All of your hard drives

Click on the Advanced button on the left and select:

  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details

Click the Tweak button and select:

  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile

  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

 

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

  • Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

 

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

 

Reboot your computer.

 

post a new log.


Did it. FYI I have been using ad-aware for awhile, however, without all of the options you had suggested.

 

Below is a new Hijack log. Below that is the adaware log

 

--------------------------------------------------

Lavasoft Ad-aware Professional Build 6.181

Logfile created on :Friday, July 30, 2004 4:33:23 PM

Using reference-file :01R334 24.07.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R334 24.07.2004

Internal build : 268

File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref

Total size : 1316091 Bytes

Signature data size : 1295051 Bytes

Reference data size : 20976 Bytes

Signatures total : 28648

Target categories : 10

Target families : 528

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium II

Memory available:22 %

Total physical memory:130200 kb

Available physical memory:22332 kb

Total page file size:956448 kb

Available on page file:838256 kb

Total virtual memory:2093056 kb

Available virtual memory:2044992 kb

OS:Windows (98)

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-aware Settings

=========================

Set : Unload recognized processes during scanning

Set : Include basic Ad-aware settings in logfile

Set : Include additional Ad-aware settings in logfile

Set : Automatically mark all objects in result list

Set : Automatically try to unregister objects prior to deletion

Set : Let windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Completely reanalyze processes on change

Set : Block ActiveX installations

Set : Block IE save operations

Set : Block Popups and banned sites

Set : Log Ad-aware events

Set : Show splash screen

Set : Always back up reference file, before updating

Set : Play sound if scan produced a result

 

 

7-30-04 4:33:23 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [kernel32.dll]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4279211853

Threads : 8

Priority : High

FileSize : 460 KB

FileVersion : 4.10.1998

ProductVersion : 4.10.1998

Copyright : Copyright © Microsoft Corp. 1991-1998

CompanyName : Microsoft Corporation

FileDescription : Win32 Kernel core component

InternalName : KERNEL32

OriginalFilename : KERNEL32.DLL

ProductName : Microsoft® Windows® Operating System

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:2 [msgsrv32.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294956821

Threads : 1

Priority : Normal

FileSize : 11 KB

FileVersion : 4.10.1998

ProductVersion : 4.10.1998

Copyright : Copyright © Microsoft Corp. 1992-1998

CompanyName : Microsoft Corporation

FileDescription : Windows 32-bit VxD Message Server

InternalName : MSGSRV32

OriginalFilename : MSGSRV32.EXE

ProductName : Microsoft® Windows® Operating System

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:3 [mprexe.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294957733

Threads : 1

Priority : Normal

FileSize : 28 KB

FileVersion : 4.10.1998

ProductVersion : 4.10.1998

Copyright : Copyright © Microsoft Corp. 1993-1998

CompanyName : Microsoft Corporation

FileDescription : WIN32 Network Interface Service Process

InternalName : MPREXE

OriginalFilename : MPREXE.EXE

ProductName : Microsoft® Windows® Operating System

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:4 [vsmon.exe]

FilePath : C:\WINDOWS\SYSTEM\ZONELABS\

ProcessID : 4294884469

Threads : 17

Priority : Normal

FileSize : 893 KB

FileVersion : 5.0.590.015

ProductVersion : 5.0.590.015

Copyright : Copyright

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

OriginalFilename : vsmon.exe

ProductName : TrueVector Service

Created on : 6/3/04 7:55:16 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/17/04 8:55:26 AM

 

#:5 [mstask.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294893969

Threads : 2

Priority : Normal

FileSize : 109 KB

FileVersion : 4.71.1972.1

ProductVersion : 4.71.1972.1

Copyright : Copyright © Microsoft Corp. 2000

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

OriginalFilename : mstask.exe

ProductName : Microsoft

Created on : 6/18/01 4:33:20 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 6/18/01 4:33:20 PM

 

#:6 [spool32.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294860469

Threads : 3

Priority : Normal

FileSize : 44 KB

FileVersion : 4.10.1998

ProductVersion : 4.10.1998

Copyright : Copyright © Microsoft Corp. 1994 - 1998

CompanyName : Microsoft Corporation

FileDescription : Spooler Sub System Process

InternalName : spool32

OriginalFilename : spool32.exe

ProductName : Microsoft® Windows® Operating System

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:7 [mmtask.tsk]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294860737

Threads : 1

Priority : Normal

FileSize : 1 KB

FileVersion : 4.03.1998

ProductVersion : 4.03.1998

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Multimedia background task support module

InternalName : mmtask.tsk

OriginalFilename : mmtask.tsk

ProductName : Microsoft Windows

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:8 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 4294844049

Threads : 13

Priority : Normal

FileSize : 176 KB

FileVersion : 4.72.3110.1

ProductVersion : 4.72.3110.1

Copyright : Copyright © Microsoft Corp. 1981-1997

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft® Windows NT® Operating System

Created on : 5/12/98 12:01:00 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:9 [systray.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294034285

Threads : 1

Priority : Normal

FileSize : 36 KB

FileVersion : 4.10.1998

ProductVersion : 4.10.1998

Copyright : Copyright © Microsoft Corp. 1993-1998

CompanyName : Microsoft Corporation

FileDescription : System Tray Applet

InternalName : SYSTRAY

OriginalFilename : SYSTRAY.EXE

ProductName : Microsoft® Windows® Operating System

Created on : 1/1/01

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/12/98 12:01:00 AM

 

#:10 [em_exec.exe]

FilePath : C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\

ProcessID : 4293989381

Threads : 1

Priority : Normal

FileSize : 28 KB

FileVersion : 9.70.216

ProductVersion : 9.70

Copyright : Copyright

CompanyName : Logitech Inc.

FileDescription : Control Center

InternalName : EM_EXEC

OriginalFilename : EM_EXEC.CPP

ProductName : MouseWare

Created on : 2/1/03 6:45:07 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/1/02 1:50:00 PM

 

#:11 [zlclient.exe]

FilePath : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\

ProcessID : 4294001797

Threads : 7

Priority : Normal

FileSize : 681 KB

FileVersion : 5.0.590.015

ProductVersion : 5.0.590.015

Copyright : Copyright

CompanyName : Zone Labs Inc.

FileDescription : Zone Labs Client

InternalName : zlclient

OriginalFilename : zlclient.exe

ProductName : Zone Labs Client

Created on : 6/3/04 7:55:20 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 5/17/04 8:56:14 AM

 

#:12 [wcmdmgr.exe]

FilePath : C:\WINDOWS\WT\UPDATER\

ProcessID : 4294003581

Threads : 4

Priority : Idle

FileSize : 148 KB

FileVersion : 1.6.2.3

ProductVersion : 1.6.2.3

Copyright : Copyright

CompanyName : WildTangent, Inc.

FileDescription : wcmdmgr

InternalName : WildTangent Updater Service

OriginalFilename : wcmdmgr.exe

ProductName : WildTangent Updater Service

Created on : 5/28/04 9:42:39 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 3/12/04 7:53:48 PM

 

#:13 [evntsvc.exe]

FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\

ProcessID : 4294001757

Threads : 2

Priority : Normal

FileSize : 143 KB

FileVersion : 0.1.0.880

ProductVersion : 0.1.0.880

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : evntsvc.EXE

ProductName : RealOne Player (32-bit)

Created on : 7/1/02 4:10:59 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/1/02 4:11:00 PM

 

#:14 [ad-watch.exe]

FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\

ProcessID : 4294013669

Threads : 3

Priority : Normal

FileSize : 383 KB

FileVersion : 3.1.2.17

ProductVersion : 3.0

Copyright : 2001-2003 Team Lavasoft

CompanyName : Lavasoft Sweden

FileDescription : Ad-watch Monitor

InternalName : Ad-watch.exe

OriginalFilename : Ad-watch.exe

ProductName : Ad-aware 6

Created on : 7/20/04 1:21:39 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 2/13/03 2:04:42 AM

 

#:15 [hpotdd01.exe]

FilePath : C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\

ProcessID : 4293975873

Threads : 3

Priority : Normal

FileSize : 28 KB

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

Copyright : Copyright

CompanyName : Hewlett-Packard

FileDescription : hpotdd01

InternalName : hpotdd01

OriginalFilename : hpotdd01.exe

ProductName : Hewlett-Packard hpotdd01

Created on : 4/9/03 10:11:12 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 4/9/03 10:11:12 PM

 

#:16 [hposol08.exe]

FilePath : C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\

ProcessID : 4294047557

Threads : 3

Priority : Normal

FileSize : 144 KB

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

Copyright : Copyright © Hewlett-Packard Co. 1995-2001

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Device Objects

InternalName : HPOSOL08

OriginalFilename : HPOSOL08.EXE

ProductName : hp digital imaging - hp all-in-one series

Created on : 4/9/03 9:42:06 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 4/9/03 9:42:06 PM

 

#:17 [hpoevm08.exe]

FilePath : C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\

ProcessID : 4294050221

Threads : 9

Priority : Normal

FileSize : 280 KB

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

Copyright : Copyright © Hewlett-Packard Co. 1995-2001

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet COM Event Manager

InternalName : HPOEVM08

OriginalFilename : HPOEVM08.EXE

ProductName : hp digital imaging - hp all-in-one series

Created on : 4/9/03 9:49:36 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 4/9/03 9:49:36 PM

 

#:18 [hpzipm12.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294058489

Threads : 1

Priority : Normal

FileSize : 64 KB

FileVersion : 6, 0, 0, 0

ProductVersion : 6, 0, 0, 0

Copyright : Copyright

CompanyName : HP

FileDescription : PML Driver

InternalName : PmlDrv

OriginalFilename : PmlDrv.exe

ProductName : HP PML

Created on : 2/7/03 2:38:52 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 2/7/03 2:38:52 AM

 

#:19 [hposts08.exe]

FilePath : C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\

ProcessID : 4294207133

Threads : 2

Priority : Normal

FileSize : 304 KB

FileVersion : 4.2.0.021

ProductVersion : 2.4.1.021

Copyright : Copyright © Hewlett-Packard Co. 1995-2001

CompanyName : Hewlett-Packard Co.

FileDescription : HP OfficeJet Status

InternalName : HPOSTS08

OriginalFilename : HPOSTS08.EXE

ProductName : hp digital imaging - hp all-in-one series

Created on : 4/9/03 9:59:24 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 4/9/03 9:59:24 PM

 

#:20 [internat.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294216777

Threads : 1

Priority : Normal

FileSize : 39 KB

FileVersion : 4.80.3008.1

ProductVersion : 4.80.3008.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Internat

InternalName : Internat - exe

OriginalFilename : INTERNAT.EXE

ProductName : Microsoft® Windows NT® Operating System

Created on : 1/31/00 4:20:54 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 1/31/00 4:20:54 PM

 

#:21 [ddhelp.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294413461

Threads : 2

Priority : Realtime

FileSize : 32 KB

FileVersion : 4.09.00.0900

ProductVersion : 4.09.00.0900

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Microsoft DirectX Helper

InternalName : DDHelp.exe

OriginalFilename : DDHelp.exe

ProductName : Microsoft

Created on : 8/11/03 1:26:13 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 12/12/02 4:14:32 AM

 

#:22 [pstores.exe]

FilePath : C:\WINDOWS\SYSTEM\

ProcessID : 4294316193

Threads : 3

Priority : Normal

FileSize : 79 KB

FileVersion : 5.00.1877.3

ProductVersion : 5.00.1877.3

Copyright : Copyright © Microsoft Corp. 1981-1998

CompanyName : Microsoft Corporation

FileDescription : Protected storage server

InternalName : Protected storage server

OriginalFilename : Protected storage server

ProductName : Microsoft® Windows NT® Operating System

Created on : 3/18/99 4:00:00 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 3/18/99 4:00:00 AM

 

#:23 [ad-aware.exe]

FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\

ProcessID : 4294101885

Threads : 3

Priority : Normal

FileSize : 724 KB

FileVersion : 6.0.1.183

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 7/13/04 12:53:41 AM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/13/03 2:01:58 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Tracking Cookie Object recognized!

Type : File

Data : bill@overture[1].txt

Category : Data Miner

Comment :

Object : C:\WINDOWS\Cookies\

 

Created on : 7/30/04 1:00:31 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/30/04 1:00:32 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : bill@2o7[1].txt

Category : Data Miner

Comment :

Object : C:\WINDOWS\Cookies\

 

Created on : 7/30/04 4:39:08 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/30/04 4:39:10 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : bill@questionmarket[2].txt

Category : Data Miner

Comment :

Object : C:\WINDOWS\Cookies\

 

Created on : 7/30/04 1:01:38 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/30/04 1:01:40 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : bill@zedo[1].txt

Category : Data Miner

Comment :

Object : C:\WINDOWS\Cookies\

 

Created on : 7/30/04 1:16:06 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/30/04 1:16:08 PM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : bill@realmedia[1].txt

Category : Data Miner

Comment :

Object : C:\WINDOWS\Cookies\

 

Created on : 7/30/04 1:56:09 PM

Last accessed : 7/30/04 4:00:00 AM

Last modified : 7/30/04 1:56:10 PM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 5

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 5

 

 

5:17:10 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:43:47:640

Objects scanned :260241

Objects identified :5

Objects ignored :0

New objects :5

 


Ok, well just fix whatever adaware finds.

 

And post a new hijackthis log.


All seems to be working OK!! There does seem to be something trying to reset the hchoa and MFCEE32.EXE stanza in the registry. But it is not consistent and ad-watch is catching it when it does happen. I also installed IE 6 security update KB867801. This also seemed to help a lot.

 

Consider this one closed!

 

Again, many thanks.


Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.