Virus and Spyware problems


  • This topic is locked

#1
beaniethegenie

Hi There,
I am trying to fix my daughter's computer. Her two sons thought that it was great to download free games. As you know, free is not free. The computer got so bad that they couldn't even go online. They didn't use any anti-virus programs.
I have cleaned up a lot of stuff. I have to disable a lot of stuff on the startup page to get online. I used Normal mode to run the HijackThis scan but had to go back to selective startup to get online. I have scanned the computer with Ad-aware, Spy-Bot, CW Shredder and F-PROT ANTIVIRUS. I also have The Ultimate Troubleshooter by Answersthatwork.com.
I am sure that there are still a lot of troubles lurking in the computer.
beaniethegenie


#2
ScHwErV

beaniethegenie,

Hello and welcome to GTG. :tazz:

In order to get a better idea of what's happening with your computer:
  • Please download the latest version of HiJackThis from either Site 1 or Site 2
  • Copy it into its own folder, double-click HijackThis.exe, and hit "Do a system scan and save a logfile"
  • When the scan is finished, it will ask you to save the log. Just save it anywhere that you will remember like your desktop.
  • After you save it, the log will open in notepad. In notepad, press Ctrl-A to Select All, and copy its contents in a reply to this post.
  • Most of what it lists will be harmless or even essential
  • Don't Fix Anything Yet
Good Luck

ScHwErV ;)

#3
beaniethegenie

Hi ScHwErV,
Thanks for answering my call for help. I appreciate it.
I have already done the things you suggested. I ran the scan several days ago.
Here is the post.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:16 PM, on 3/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KEYBOARD\IKEYMAIN.EXE
C:\DOWNLOADS\18WHEELS_OF_STEEL-DM[1].EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxqzlkuji...FgvXPu7HxRd.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnyyxkswc...LpXI8a4lVKY.jsp
R3 - Default URLSearchHook is missing
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {C4A71B46-B87B-EE21-5B6A-C59DFE2F9BF7} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KenKeybd] C:\PROGRA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [18Wheels_of_Steel.exe] C:\DOWNLO~1\18WHEE~1.EXE /r
O4 - HKLM\..\Run: [USER ERROR WINDOW TRUST] C:\WINDOWS\Application Data\compdatausererror\Flawmulti.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [The Ping] C:\WINDOWS\APPLIC~1\LOCKSI~1\Pure Bias Poll.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Dell Home - {B2A3DFE0-60A9-11D3-B1FD-C03A4FC10000} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...IE601Arcade.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab

It looks like I got it.
Thanks for helping a 78 year old geezer.

#4
ScHwErV

beaniethegenie

Congratulations! You have the latest version of LOP. Let's get started and we can get rid of this problem.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxqzlkuji...FgvXPu7HxRd.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnyyxkswc...LpXI8a4lVKY.jsp
R3 - Default URLSearchHook is missing
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {C4A71B46-B87B-EE21-5B6A-C59DFE2F9BF7} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - (no file)
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - HKLM\..\Run: [USER ERROR WINDOW TRUST] C:\WINDOWS\Application Data\compdatausererror\Flawmulti.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...IE601Arcade.cab

Now close all windows other than HiJackThis, then click Fix Checked. Then close HiJackThis.

Please delete these folders using Windows Explorer (if present):

C:\WINDOWS\Application Data\compdatausererror\

Please delete these files using Windows Explorer (if present):

c:\windows\180ax.exe

After that, Reboot.

With all that done, please post another HiJackThis log so that we can continue. Please don't forget to post back and let us know how everything is going.

Good Luck

ScHwErV :tazz:

#5
beaniethegenie

ScHwErV
Hi, I've got good news and bad news.
First the good news: I completed the tasks you gave me, and they seem to be all right, except that when I tried to remove 180ax.exe it isn't there. I even tried the FIND function: no match. I probably deleted it before I got in touch with Geeks to Go. That is probably not serious.
I am sending this from my computer rather than my daughter's computer.
The bad news is I tried to uninstall F-PROT-Antivirus because the 30 day trial had expired and was going to install AVG Anti-Virus. Unfortunately the uninstall did not work correctly. Some of the program is gone, but a box on the screen says that Real time Protector is still active. So what do you think I should do? I could buy the F-PROT ANTIVIRUS program and try to install it. It's only $29, which is reasonable, and it worked well except for the uninstall. If I install AVG, will it be confused with the remnants of F-PROT ANTIVIRUS?
Do you have any ideas about what I should do? I do not want to go online with my daughter's computer until I can solve this problem.
Thanks for your help. beaniethegenie

#6
Hemal

Don't buy anything you don't want to :tazz: Sometimes even after running the uninstaller correctly, programs are made so that remnants are left on the computer... In Add/Remove Programs, make sure all parts of the program have been uninstalled; it might have been split. For example, the Real Time Protector might still be left somewhere in Add/Remove Programs. See if this helps and post back!

#7
anderkn

Edited by Geeks To Go Mod. Please post your HijackThis log in your own thread, and someone will come along and help you. :tazz:

#8
ScHwErV

anderkn

Please do not hijack someone else's thread. Start your own thread and someone will be along to help you out.

beaniethegenie

Not a problem, we have ways to deal with that.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

ScHwErV :tazz:

#9
anderkn

Thanks for the input. I think I took care of my problems. Sorry about the thread confusion, this isn't exactly user friendly for posting and replying.

anderkn

#10
beaniethegenie

ScHwErV
Hi,
I looked in the add/remove programs; it contains F-Prot for Windows. When I try to remove it, it goes to install uninstall program, but when all is done it is still there.
I used the find utility and found a number of files for F-Prot Antivirus; these appeared to be all for the DOS version. They are located at C:\Program Files\FSI\F-Prot.
I am running the Startup page in Normal mode. When I do this I occasionally get a box on the screen that says:
Work off line No connection to the internet is currently available.
To view Internet content that has been saved on your computer Click work off line Click Try again to attempt to connect Work offline Try again
This is not quite the same as when you press Internet Explorer when you are not online. It is in a box about 2" X 3".
Below is the uninstall_list.txt that you asked for.
Thanks again for your Help, beaniethegenie

Ad-Aware SE Personal
Adobe Acrobat 5.0
America Online
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Toolbar
AOL You've Got Pictures Screensaver
Creative PCI Audio Drivers
EA.COM
EPSON Printer Software
EPSON Status Monitor 2
F-Prot for Windows
GT Interactive - Driver
HijackThis 1.99.1
Internet Explorer Q867282
Kensington KB 6.12
Lexmark Z600 Series
MDP3880 PCI Modem
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft Word 97
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Modem Test
MouseWare
NetStorm
Outlook Express Q837009
PhoneTools
QuickTime
Search Plugin
Spybot - Search & Destroy 1.3.1 TX
Survivor ™
The Ultimate Troubleshooter
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)


#11
beaniethegenie

Hi ScHwErV
I found where the Real time Protector was getting loaded: on the startup page (F-STOPW.EXE), path (C:\Program Files\FSI\F-Prot\F-STOPW.EXE). I disabled it on the Start Up page. That takes care of the problem of the antivirus program running in the background. I think I will go ahead and download the AVG Antivirus program.
beaniethegenie

#12
beaniethegenie

Hi ScHwErV
I downloaded AVG Anti-virus and ran it. It got 7 Trojan Horses. It looks pretty good.
What is our next line of attack?
The computer is running pretty good.
It probably needs some more cleaning out.
beaniethegenie

#13
ScHwErV

Please post a new HiJackThis log and we'll see what we have left.

ScHwErV :tazz:

#14
beaniethegenie

Hello again ScHwErV

I am still getting that mystery box I mentioned a couple of posts ago.
Do you want me to try to remove the F-Prot Antivirus startup item?

Here is the latest HijackThis log. This is with a normal Startup page.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:39 PM, on 3/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KEYBOARD\IKEYMAIN.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
C:\DOWNLOADS\18WHEELS_OF_STEEL-DM[1].EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bhiwthwtwpklx...1gvXPu7HxRd.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KenKeybd] C:\PROGRA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [18Wheels_of_Steel.exe] C:\DOWNLO~1\18WHEE~1.EXE /r
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [The Ping] C:\WINDOWS\APPLIC~1\LOCKSI~1\Pure Bias Poll.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Dell Home - {B2A3DFE0-60A9-11D3-B1FD-C03A4FC10000} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab

Thanks for your continued help. beaniethegenie

#15
ScHwErV

beaniethegenie

You have been re-infected with LOP. I can tell that this is different from the first time, so we have something hindering our ability to clean your computer. Let's see if we can't tackle this F-Prot antivirus issue and then move on from there.

Please boot into safe mode.

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

F-Prot for Windows

After that, reboot into normal windows and report back with how things went and with a fresh HijackThis log so that we can continue.

ScHwErV :tazz:
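
Comparing the two HijackThis logs posted in this thread, as an added example that is not part of any participant's post: the Python below parses R/O entries from excerpts copied from posts #3 and #14 and reports which entries were removed, which were added, and which kept the same key but carry a new value. The function names (`parse`, `compare`, `dangling`) are hypothetical and the excerpts are trimmed to a few lines.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (3/7/05 and
# 3/13/05). Elided URLs ("...") are kept exactly as they appear on the page.
SCAN_1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sxqzlkuji...FgvXPu7HxRd.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnyyxkswc...LpXI8a4lVKY.jsp
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bhiwthwtwpklx...1gvXPu7HxRd.php
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE (file missing)
"""

ENTRY = re.compile(r"^([RO]\d+) - (.+)$")      # "O4 - <rest of line>"
RUN = re.compile(r"^(.+?: \[.+?\]) (.+)$")     # "<hive>: [Name] <command>"

def parse(log):
    """Map (section, key) -> value for every R*/O* line; skip everything else."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running-process list, blank lines
        section, rest = m.groups()
        run = RUN.match(rest) if section == "O4" else None
        if section.startswith("R") and " = " in rest:
            key, value = rest.split(" = ", 1)  # registry value name, its data
        elif run:
            key, value = run.groups()          # autorun name, command line
        else:
            key, value = rest, ""              # whole line identifies the entry
        entries[(section, key)] = value
    return entries

def compare(before, after):
    """Classify entries by how they differ between two scans."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
    }

def dangling(log):
    """Entries HijackThis marked '(no file)' or '(file missing)'."""
    return sorted(k for k in parse(log)
                  if k[1].endswith(("(no file)", "(file missing)")))

if __name__ == "__main__":
    for kind, keys in compare(SCAN_1, SCAN_2).items():
        for section, key in keys:
            print(f"{kind:8} {section:3} {key}")
```

An entry that persists under the same registry key with different data, such as the Search Bar value in these excerpts, is reported under `changed` rather than as a removal plus an addition.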