I need help getting rid of winfixer 2005..on windows 98


33 replies to this topic

#16 clueless123

Posted 16 November 2005 - 02:11 PM

1:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:39
1:48 PM: Starting File Sweep
1:49 PM: Warning: Failed to open file "c:\windows\pfpjobpr.{pb". The process cannot access

#17 clueless123

Posted 16 November 2005 - 02:12 PM

the file because it is being used by another process
1:49 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
1:53 PM: Found Adware: 180search assistant/zango
1:53 PM: c:\windows\temp\fleok (ID = -2147480558)
1:53 PM: Found Adware: broadcastpc
1:53 PM: c:\windows\temp\64.exe (ID = -2147481328)
1:53 PM: c:\windows\temp\autoupdate0 (ID = -2147481415)
2:42 PM: Traces Found: 1968

#18 daparker

Posted 16 November 2005 - 02:37 PM

Ok, found quite a few things there. You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#19 clueless123

Posted 16 November 2005 - 04:18 PM

It says I have to have Windows XP or Windows 2000 to run this.

#20 daparker

Posted 16 November 2005 - 09:35 PM

Ok, let's try a different set of scans next then. Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeek...ownload506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.


Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeek...ad.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Let me know how the scans go and if anything cannot be removed.

#21 clueless123

Posted 17 November 2005 - 03:22 PM

I did everything. Here is a new hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 4:19:15 PM, on 11/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#22 daparker

Posted 18 November 2005 - 11:39 AM

Ok, were those programs able to remove everything they found?

#23 clueless123

Posted 18 November 2005 - 12:26 PM

Yes

#24 daparker

Posted 18 November 2005 - 04:00 PM

Ok, let's keep going. Please download the trial version of Ewido Security Suite here. Install it, and update the definitions to the newest files. Run the scan and allow it to fix what it finds. Please post the log from Ewido for me to review.

#25 clueless123

Posted 18 November 2005 - 11:02 PM

Sorry to be a pain, but you have to have Windows 2000 to run this program.

#26 daparker

Posted 19 November 2005 - 01:26 AM

Oops! Sorry about that! Please download a free trial of Trojan Hunter here and run a scan to clean up anything it finds.

#27 clueless123

Posted 19 November 2005 - 04:30 PM

Ran the Trojan Hunter. Here is a new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 5:27:35 PM, on 11/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#28 daparker


Posted 20 November 2005 - 10:12 PM

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:
  • Open it, click >Options over to the left, then >Program Options >Uncheck "load at windows startup".
  • Over to the left click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".

Please run HijackThis and click "Scan." Place checks next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab


Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Next, please enable viewing of hidden files as follows:
  • Go to My Computer, and click on the "Tools" menu
  • Click "Folder options"
  • Select the "View" tab
  • Make sure "Show hidden files and folders" is selected
  • Make sure "Hide extensions for known file types" is unchecked
  • Make sure "Hide protected operating system files (recommended)" is unchecked

Delete the following files and folders (if present):
C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE <--This file
C:\Program Files\CxtPls <--This folder and its contents
C:\Program Files\AutoUpdate <--This folder and its contents
CRYWPROP.EXE <--This file. I am not sure where it is located, so you will have to search for it.
C:\PROGRAM FILES\SPYSPOTTER3 <--This folder and its contents
CABFAX08.EXE <--This file. I am not sure where it is located, so you will have to search for it.

Reboot your computer and post a new HJT log.

#29 clueless123


Posted 21 November 2005 - 01:16 AM

New hijack log
Logfile of HijackThis v1.99.1
Scan saved at 2:14:31 AM, on 11/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#30 daparker


Posted 21 November 2005 - 12:38 PM

Ok, that log looks clean. How are things running?
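A follow-up log can be checked against the fix list mechanically instead of by eye. The sketch below is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the line pattern is an assumption drawn from the entries shown in the logs above.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return the set of (code, text) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Case-fold and collapse whitespace so pasted copies compare equal.
            entries.add((m.group(1), " ".join(m.group(2).split()).casefold()))
    return entries

def verify_fix(before_log, fix_list, after_log):
    """Compare the pre-fix log, the checked entries and the follow-up log."""
    before, to_fix, after = map(parse_entries, (before_log, fix_list, after_log))
    return {
        "not_in_before": sorted(to_fix - before),   # fix-list line absent from the first log
        "still_present": sorted(to_fix & after),    # survived "Fix Checked" or was re-created
        "removed_unlisted": sorted(before - after - to_fix),  # gone, but not on the list
        "new": sorted(after - before),              # appeared since the first scan
    }

# Constructed sample: a few lines excerpted from the thread's logs.
BEFORE = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
"""
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, FIX_LIST, AFTER).items():
        print(key, len(items))
        for code, text in items:
            print("   ", code, "-", text)
```

In this sample the SpySweeper Run entry lands in `removed_unlisted`: it was never on the fix list and disappears because "load at windows startup" was unchecked.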
