Jump to content


Photo

REPOST!!! STUBORN BHO'S AND DPF'S....


  • Please log in to reply
5 replies to this topic

#1 mtnmum

mtnmum

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 12 June 2004 - 01:40 PM

I have tried spybot, adaware, Hijack this and others I cannot think of.
I was (at first) getting tons of pop-ups every 5 seconds and I apparently have tons of adware cookies and adware still installed after numerous attemps to get rid of them. I have been receiving help from another forum and it seems we are at a dead end. So any insight would be appreciated. You guys are wonderful.
Hope you can help. Lots of thanks on my end here for your time.
mtnmum


Logfile of HijackThis v1.97.7
Scan saved at 3:51:09 PM, on 6/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\BELLSOUTH\APPLICATION CENTER\BSNAPPCENTER.EXE
C:\PROGRAM FILES\CLEANMYPC\REGISTRY CLEANER\RCSCHEDULER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://care2.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://bellsouth.net"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\fce6hm5u.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\fce6hm5u.slt\prefs.js)
O2 - BHO: (no name) - {EFD440C0-0943-11d3-9D65-00A0CC22CBC4} - C:\WINDOWS\QPHELPER.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - (no file)
O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - (no file)
O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BellSouthScheduler] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8023.8065740741
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp...er/SysQuery.cab
O16 - DPF: {9AF6E7AE-D248-11D2-BFAA-00805F2392C0} (Smi Class) - http://ipgweb.cce.hp...er/SysQuery.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-a.mhi.ao...s/custappx2.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -

<><><><><><><><><><><><><><><><><><><><><><><
These are the stubborn guys that I was talking about:

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - (no file)
O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - (no file)
O2 - BHO: (no name) - {00000000-0000-41a3-98CF-00000000168B} - (no file)
--------- ------------ ---------- --------- -------------
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
<><><><><><><><><><><><><><><><><><><><><><><><><><
I have tried to kill these guys in safe mode and normal mode . always making sure no programs were running.
Thanks for your help!


Would I be doing any damage to get rid of the following? (keeping in mind I never use/used "altivista", Live 365 was my husband listening to new wave music):
And what is WKUFIND.exe?

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://bellsouth.net"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\fce6hm5u.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\fce6hm5u.slt\prefs.js)

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish

O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

oh,yea- most importantly - thank you.
2nd most importantly- I have used ad-aware and spybot, and others and read the F&Q's.

#2 mtnmum

mtnmum

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 13 June 2004 - 03:22 PM

bumping myself up to TRY and GET HELP
!!!!!!!!!!!!!!!!!?????????????????????!!!!!!!!!!!!!
it has been dddddddaaaaaaaayyyyyyyssssssss since I FIRST posted!!!!!!

#3 mtnmum

mtnmum

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 13 June 2004 - 03:50 PM

Help Needed. Please read previous post.

#4 mtnmum

mtnmum

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 June 2004 - 03:24 PM

Hello,............Is there anybody out there?............... :wtf:

#5 lansalot

lansalot

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 20 June 2004 - 03:46 PM

qphelper.dll appears to be on the known shitlist.

Try my tutorial here, replacing aajje.dll with qphelper.dll (and "del c:\windows\qphelper.dll") instead.

Incidentally, there's a pinned post about not bumping if you read above..

http://www.spywarein...st=0#entry32871

#6 mtnmum

mtnmum

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 20 June 2004 - 07:12 PM

Thankyou so much for a reply. :cool: I did not even expect one. It really had been awhile and what can one do who has a business and relies on their computer. Funds are limited and it is great to get help on issues when possible without spending cash. So I thank you so very much. :hyper:
Even if I can't fix my problems.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button