My HiJackThis Log- Please help me! [RESOLVED]



#1
maggiemay92

:tazz:

Oh dear. I'm not new to computers, but seem to be rather ignorant about these things. I did a hijackthis scan and well, I'm NOT impressed with myself or my computer. Can anyone help me? Here is my scan:

Spyware Doctor Activity Report
Generated on 8/10/2005 10:34:54 AM


Scans (basic information only):

Scan Results:
scan start: 8/10/2005 10:35:30 AM
scan stop: 8/10/2005 11:02:11 AM
scanned items: 152484
found items: 365
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner



Infection Name Location Risk
iWon multiple Medium
MyPointsPointAlert multiple Elevated
NavHelper NAVAPP.EXE (C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4D\NAVAPP.EXE) Info
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95} Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}## Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ProxyStubClsid Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ProxyStubClsid## Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ProxyStubClsid32 Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\ProxyStubClsid32## Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\TypeLib Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\TypeLib## Medium
2nd-thought.com HKCR\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}\TypeLib##Version Medium
Comet Cursor HKCR\appid\dmserver.exe High
Comet Cursor HKCR\appid\dmserver.exe## High
Comet Cursor HKCR\appid\dmserver.exe##AppID High
Common Components for 180Solutions items HKLM\Software\180solutions Elevated
Common Components for 180Solutions items HKLM\Software\180solutions## Elevated
Common Components Unrelated HKCU\Software\Microsoft\Internet Explorer\Main##Search Page_bak Medium
Flingstone Infamous Downloader HKLM\SOFTWARE\Microsoft\Windows##infamous High
Flingstone Infamous Downloader HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##mswspl High
Flingstone Infamous Downloader HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##stcinstaller High
InternetOptimizer HKLM\software\fci High
InternetOptimizer HKLM\software\fci## High
InternetOptimizer HKLM\software\fci\DyFuCA Software Installer High
InternetOptimizer HKLM\software\fci\DyFuCA Software Installer## High
InternetOptimizer HKLM\software\fci\DyFuCA Software Installer##Version High
InternetOptimizer HKLM\software\fci\DyFuCA Software Installer##Target High
InternetOptimizer HKLM\Software\Microsoft\Internet Explorer\Main##BandRest High
MyPointsPointAlert HKCU\Software\Microsoft\Internet Explorer\MenuExt\MyPoints Elevated
MyPointsPointAlert HKCU\Software\Microsoft\Internet Explorer\MenuExt\MyPoints## Elevated
MyPointsPointAlert HKCU\Software\Microsoft\Internet Explorer\MenuExt\MyPoints##Contexts Elevated
MyPointsPointAlert HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping##{67B50696-04BA-48ea-A697-28AA0EAA9C26} Elevated
MyPointsPointAlert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##MyPointsPointAlert0 Elevated
MyPointsPointAlert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unmypt800 Elevated
MyPointsPointAlert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unmypt800## Elevated
MyPointsPointAlert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unmypt800##DisplayName Elevated
MyPointsPointAlert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unmypt800##UninstallString Elevated
NavHelper HKLM\Software\Microsoft\Windows\CurrentVersion\Run##navapp Info
Overpro.com HKLM\SOFTWARE\MiniGolf High
Overpro.com HKLM\SOFTWARE\MiniGolf## High
Overpro.com HKLM\SOFTWARE\MiniGolf##Install_Dir High
WebSearch Toolbar HKCU\SOFTWARE\Toolbar Elevated
WebSearch Toolbar HKCU\SOFTWARE\Toolbar## Elevated
WebSearch Toolbar HKCU\SOFTWARE\Toolbar##POPUPBLOCKER Elevated
WebSearch Toolbar HKLM\SOFTWARE\Toolbar Elevated
WebSearch Toolbar HKLM\SOFTWARE\Toolbar## Elevated
WebSearch Toolbar HKLM\SOFTWARE\Toolbar##POPUPBLOCKER Elevated
WebSearch Toolbar HKU\.DEFAULT\SOFTWARE\Toolbar Elevated
WebSearch Toolbar HKU\.DEFAULT\SOFTWARE\Toolbar## Elevated
WebSearch Toolbar HKU\.DEFAULT\SOFTWARE\Toolbar##POPUPBLOCKER Elevated
WildTangent HKCR\WildTangent.ActiveLauncher Info
WildTangent HKCR\WildTangent.ActiveLauncher## Info
WildTangent HKCR\WildTangent.ActiveLauncher\CLSID Info
WildTangent HKCR\WildTangent.ActiveLauncher\CLSID## Info
WildTangent HKCR\WildTangent.ActiveLauncher\CurVer Info
WildTangent HKCR\WildTangent.ActiveLauncher\CurVer## Info
WildTangent HKCR\WildTangent.ActiveLauncher\Insertable Info
WildTangent HKCR\WildTangent.ActiveLauncher\Insertable## Info
WildTangent HKCR\WildTangent.ActiveLauncher.1 Info
WildTangent HKCR\WildTangent.ActiveLauncher.1## Info
WildTangent HKCR\WildTangent.ActiveLauncher.1\CLSID Info
WildTangent HKCR\WildTangent.ActiveLauncher.1\CLSID## Info
WildTangent HKCR\WildTangent.ActiveLauncher.1\Insertable Info
WildTangent HKCR\WildTangent.ActiveLauncher.1\Insertable## Info
WildTangent HKCR\WildTangent.ActiveLauncher.2 Info
WildTangent HKCR\WildTangent.ActiveLauncher.2## Info
WildTangent HKCR\WildTangent.ActiveLauncher.2\CLSID Info
WildTangent HKCR\WildTangent.ActiveLauncher.2\CLSID## Info
WildTangent HKCR\WildTangent.ActiveLauncher.2\Insertable Info
WildTangent HKCR\WildTangent.ActiveLauncher.2\Insertable## Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14} Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}## Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid## Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid32 Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\ProxyStubClsid32## Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib## Info
WildTangent HKCR\Interface\{1DE680D4-84B7-4239-A887-9482A29DBE14}\TypeLib##Version Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF} Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}## Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid## Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid32 Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\ProxyStubClsid32## Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib## Info
WildTangent HKCR\Interface\{25F53F41-0C37-40FA-AE9F-A260DB2D64CF}\TypeLib##Version Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1} Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}## Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\ProxyStubClsid Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\ProxyStubClsid## Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\ProxyStubClsid32 Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\ProxyStubClsid32## Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\TypeLib Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\TypeLib## Info
WildTangent HKCR\Interface\{519794FA-B932-410A-8322-1445B958C1B1}\TypeLib##Version Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E} Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}## Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0 Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0## Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\FLAGS Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\FLAGS## Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0 Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0## Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0\win32 Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\0\win32## Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\HELPDIR Info
WildTangent HKCR\TypeLib\{4A165BD0-165F-474F-AF66-40CD5AC4613E}\1.0\HELPDIR## Info
WildTangent HKCU\Software\WildTangent Info
WildTangent HKCU\Software\WildTangent## Info
WildTangent HKCU\Software\WildTangent\CDA Info
WildTangent HKCU\Software\WildTangent\CDA## Info
WildTangent HKCU\Software\WildTangent\CDA##CacheDirectory Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA## Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA##DisplayName Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA##UninstallString Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA##DisplayIcon Info
WildTangent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##WildTangent CDA Info
WildTangent HKLM\SOFTWARE\Microsoft\Java VM##ClassPath Info
Xupiter HKLM\software\classes\appid\{bac984c9-78c8-4105-9e97-1675a4052686} Elevated
Xupiter HKLM\software\classes\appid\{bac984c9-78c8-4105-9e97-1675a4052686}## Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd} Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}## Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ProxyStubClsid Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ProxyStubClsid## Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ProxyStubClsid32 Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ProxyStubClsid32## Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\TypeLib Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\TypeLib## Elevated
Xupiter HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\TypeLib##Version Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d} Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}## Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ProxyStubClsid Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ProxyStubClsid## Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ProxyStubClsid32 Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ProxyStubClsid32## Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\TypeLib Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\TypeLib## Elevated
Xupiter HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\TypeLib##Version Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956} Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}## Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ProxyStubClsid Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ProxyStubClsid## Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ProxyStubClsid32 Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ProxyStubClsid32## Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\TypeLib Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\TypeLib## Elevated
Xupiter HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\TypeLib##Version Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370} Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}## Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ProxyStubClsid Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ProxyStubClsid## Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ProxyStubClsid32 Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ProxyStubClsid32## Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\TypeLib Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\TypeLib## Elevated
Xupiter HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\TypeLib##Version Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544} Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}## Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ProxyStubClsid Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ProxyStubClsid## Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ProxyStubClsid32 Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ProxyStubClsid32## Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\TypeLib Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\TypeLib## Elevated
Xupiter HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\TypeLib##Version Elevated
Tracking Cookie(s) default@S137568[1].txt Medium
Tracking Cookie(s) [email protected][1].txt Medium
Tracking Cookie(s) default@atwola[2].txt Medium
Tracking Cookie(s) default@atdmt[1].txt Medium
2nd-thought.com [email protected][1].txt Medium
Tracking Cookie(s) default@blingo[2].txt Medium
Common Components for GAIN [email protected][2].txt Elevated
Tracking Cookie(s) default@crayola[1].txt Medium
Tracking Cookie(s) default@go[2].txt Medium
2nd-thought.com [email protected][2].txt Medium
Common Components for GAIN default@belnk[1].txt Elevated
eBates HKCU\Software\Microsoft\Internet Explorer\Extensions\{16BF42FD-CA0A-4F48-819D-B0343254DD67} Elevated
eBates HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping##{16BF42FD-CA0A-4F48-819D-B0343254DD67} Elevated
MyPointsPointAlert HKCU\Software\Microsoft\Internet Explorer\Extensions\{67B50696-04BA-48EA-A697-28AA0EAA9C26} Elevated
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D} Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ProgID Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\VersionIndependentProgID Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\InprocServer32 Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Programmable Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Control Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Insertable Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ToolboxBitmap32 Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus\1 Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\TypeLib Info
WildTangent HKCR\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Version Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D} Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ProgID Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\VersionIndependentProgID Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\InprocServer32 Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Programmable Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Control Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Insertable Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ToolboxBitmap32 Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\MiscStatus\1 Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\TypeLib Info
WildTangent HKLM\Software\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\Version Info
DelfinProject C:\Program Files\Common Files\Dpi High
DelfinProject C:\Program Files\Common Files\remove_tools.html High
AproposMedia C:\Program Files\CxtPls Medium
AproposMedia C:\Program Files\CxtPls\CxtPls.dll Medium
AproposMedia C:\Program Files\CxtPls\CxtPls.exe Medium
AproposMedia C:\Program Files\CxtPls\ProxyStub.dll Medium
AproposMedia C:\Program Files\CxtPls\WinGenerics.dll Medium
AproposMedia C:\Program Files\CxtPls\uninstaller.exe Medium
AproposMedia C:\Program Files\CxtPls\atl.dll Medium
AproposMedia C:\Program Files\CxtPls\AI_29-09-2004.log Medium
AproposMedia C:\Program Files\CxtPls\AI_30-09-2004.log Medium
AproposMedia C:\Program Files\CxtPls\AI_04-10-2004.log Medium
AproposMedia C:\Program Files\CxtPls\AI_02-10-2004.log Medium
AproposMedia C:\Program Files\CxtPls\AI_03-10-2004.log Medium
AproposMedia C:\Program Files\CxtPls\AI_05-10-2004.log Medium
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800 Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\mypt800.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\psid800.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\mercexcl.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\cmpt70000.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\merc70000.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Ap800\d72000.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800 Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\411ae3169f0.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\default Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\default\411ae3202e56.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\default\411ae31f6a9b.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\default\411ae31e3a49.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\800sh.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\411ae3192501.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\administrator Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\administrator\411ae3202e56.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\administrator\411ae31f6a9b.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\administrator\411ae31e3a49.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Da800\42f51c3829ec.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\disp800.exe Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\README.txt Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800 Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Sy800 Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Sy800\800_0.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Sy800\800_1.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Sy800\800_2.dat Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\misc800a.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\popo800a.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\pref800a.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\pref800a_dis.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\pref800a_ena.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\scri800a.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\spec800a.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptc03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptp03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptp03_dis.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptp03_ena.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptrpms03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Html\myptrpmp03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt.ico Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_alert_four_top.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_alert_one_top.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_alert_three_top.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_alert_two_top.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_bttn_gothere.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_bttn_no.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_bttn_yes.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_gothere.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_hot.ico Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_left_swoosh.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_left_swoosh2.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_logo_topmoxie.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_no.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_otherGimgClear.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_submit.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\mypt_yes.gif Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Images\logtime.log Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800 Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\log.txt Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptC03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptp03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptp03_dis.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptp03_ena.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptrpmp03.htm Elevated
MyPointsPointAlert C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptrpms03.htm Elevated
NavHelper C:\Program Files\NavExcel Info
NavHelper C:\Program Files\NavExcel\NavHelper Info
NavHelper C:\Program Files\NavExcel\NavHelper\v2.0.4d Info
NavHelper C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe Info
DelfinProject C:\WINDOWS\All Users\Application Data\Dpi High
DelfinProject C:\WINDOWS\All Users\Application Data\Dpi\dpi.inf High
DelfinProject C:\WINDOWS\All Users\Application Data\Dpi\dpih.inf High
TV Media Display C:\WINDOWS\Application Data\tvmcwrd.dll Elevated
Coulomb Dialer C:\WINDOWS\Application Data\tvmcwrd.dll Elevated
TV Media Display C:\WINDOWS\Application Data\tvmknwrd.dll Elevated
WildTangent C:\WINDOWS\Application Data\Wildtangent Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\cdacache.odds Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00 Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00 Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\01.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\02.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\03.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\04.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\05.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\06.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\07.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\08.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\09.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0A.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0B.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0C.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0D.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0E.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\0F.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\10.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\11.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\12.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\13.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\14.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\15.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\16.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\17.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\18.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\19.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1A.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1B.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1C.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1D.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1E.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\1F.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\20.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\21.dat Info
WildTangent C:\WINDOWS\Application Data\Wildtangent\Cdacache\00\00\22.dat Info
Bargain Buddy C:\WINDOWS\bargain3.exe High
IEPlugin C:\WINDOWS\clipg.exe High
Common Components for GAIN C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll Elevated
Common Components for GAIN C:\WINDOWS\Downloaded Program Files\HDPlugin1018.inf Elevated
Bargain Buddy C:\WINDOWS\dwcg2.exe High
IEPlugin C:\WINDOWS\dwcg2.exe High
Transponder.MXTarget C:\WINDOWS\MXTARGET.DLL High
IEPlugin C:\WINDOWS\rgrt.exe High
CWS C:\WINDOWS\SYSTEM\IEHost.EXE High
Marketscore Netsetter C:\WINDOWS\SYSTEM\osmim.dll Medium
24T Toolbar C:\WINDOWS\system\unPPC.exe High
TV Media Display C:\WINDOWS\Temporary Internet Files\Tvm.log Elevated
Lop.com C:\WINDOWS\Twunk001.MTX High
Common Components Unrelated C:\WINDOWS\Application Data\tvmcwrd.dll Medium
Transponder.Twain-tech C:\WINDOWS\BDL24126.EXE High
WildTangent C:\Program Files\Java\j2re1.4.2_04\bin\jDRM0302.dll Info
WildTangent C:\Program Files\Java\j2re1.4.2_04\bin\wtdmmp.dll Info
WildTangent C:\Program Files\Java\j2re1.4.2_04\bin\wtdmmpv.dll Info
WildTangent C:\Program Files\Java\j2re1.4.2_04\lib\ext\wtdmmpi.jar Info
WildTangent C:\Program Files\Java\j2re1.4.2_04\lib\ext\wildtangent.jar Info
WildTangent C:\Program Files\mozilla.org\Mozilla\components\nsiwthostplugin.xpt Info
ClearSearch C:\Program Files\Lycos\IEagent\CSIEINST.DLL Medium
ClearSearch C:\Program Files\Lycos\IEagent\CSSSINST.DLL Medium
ClearSearch C:\Program Files\Lycos\IEagent\CSIE.DLL Medium


Copyright © 2003-2005. Distributed by PC Tools.





#2
Trevuren

Hi maggiemay92 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in, go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right-hand corner of the window.
b. In the left-hand column, click "View Topics".
c. If you click on the title of your post, you will be taken there.

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (A notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren


#3
maggiemay92

Logfile of HijackThis v1.99.1
Scan saved at 11:20:48 AM, on 8/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4D\NAVAPP.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ARCSOFT\MEDIA CARD COMPANION\MCC MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.herhealth.../sidelines/?p=n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [W6] C:\WINDOWS\TEMP\W6.EXE
O4 - HKLM\..\Run: [F] C:\WINDOWS\TEMP\F.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [pE8Q36R] DMSAL.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpsu.exe
O4 - HKCU\..\Run: [Ypr4RWdmP] MPGAPP.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\RunServices: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\RunServices: [WINT] C:\WINDOWS\SYSTEM\wcpsu.exe
O4 - HKCU\..\RunServices: [Ypr4RWdmP] MPGAPP.EXE
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: MyPoints - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\myptC03.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\myptC03.htm (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

We need to make sure all hidden files are showing so please:
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
* Click Start, Programs and Accessories and open Windows Explorer.
* Select a hard drive from the left hand side of the Windows Explorer window.
* Select View the Entire contents of this drive



Please RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [W6] C:\WINDOWS\TEMP\W6.EXE
O4 - HKLM\..\Run: [F] C:\WINDOWS\TEMP\F.EXE
O4 - HKLM\..\Run: [pE8Q36R] DMSAL.EXE
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpsu.exe
O4 - HKCU\..\Run: [Ypr4RWdmP] MPGAPP.EXE
O4 - HKCU\..\RunServices: [WINT] C:\WINDOWS\SYSTEM\wcpsu.exe
O4 - HKCU\..\RunServices: [Ypr4RWdmP] MPGAPP.EXE
O8 - Extra context menu item: MyPoints - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\myptC03.htm
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\myptC03.htm (HKCU)




Now with all the items selected and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to Start To Safe Mode Using the F8 method in Windows 98/98SE/ME

To start your computer in Safe Mode:
*turn the computer on
*as the computer restarts, press and hold down the Ctrl key until the Windows 98 startup menu appears. (This also works with the F8 key following the same steps)
*Choose Safe mode from the startup menu,
*press Enter
*Windows starts in Safe mode.
*Restart your computer when finished troubleshooting

Using Windows Explorer, locate the following files/folders (with all their content), and DELETE them (if they are present):

C:\WINDOWS\TEMP\(Contents of Folder, Not Folder itself)
DMSAL.EXE<===You will have to Search for this one
C:\WINDOWS\SYSTEM\wcpsu.exe
MPGAPP.EXE<==Please Search for it
C:\PROGRAM FILES\MYPOINTS_POINTALERT<===Folder

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

  • 0

#5
maggiemay92

maggiemay92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I did the removal of suggested files and when I logged on, I'm still getting the C:\Program~\WILDTA~\......DLL error. Here is my new hijackthis log.

thanks in advance for any help!



Logfile of HijackThis v1.99.1
Scan saved at 6:02:19 PM, on 8/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ARCSOFT\MEDIA CARD COMPANION\MCC MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.herhealth.../sidelines/?p=n
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
  • 0
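The before/after comparison the helper is doing by eye on these two logs can be scripted. The following is an added example, not part of the original thread and not HijackThis code: it parses HijackThis entry lines, applies two triage hints (an O4 autorun launching from a TEMP directory, and an entry whose target is "(no file)"), and checks which entries are gone from the follow-up log. The function names, flag labels and the choice of hints are assumptions; the sample lines are excerpts from the logs posted above.

```python
import re
from dataclasses import dataclass, field

# Excerpts from the first HijackThis log in this thread (before any fixes).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [W6] C:\WINDOWS\TEMP\W6.EXE
O4 - HKLM\..\Run: [F] C:\WINDOWS\TEMP\F.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpsu.exe
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
"""

# Excerpts from the follow-up log posted after the first round of fixes.
AFTER_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [W6] C:\WINDOWS\TEMP\W6.EXE"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun: hive, key (Run, RunServices, ...), value name, command
O4_REG_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O4 Startup-folder shortcut: "Startup: <name>.lnk = <target>"
O4_LNK_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
TEMP_RE = re.compile(r"\\(TEMP|TMP)\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str   # section code such as R3, O2, O4
    body: str   # everything after "<code> - "
    raw: str    # whitespace-normalised original line
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = " ".join(line.split())
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def autorun_command(entry):
    """Return the command an O4 entry launches, or None for any other entry."""
    if entry.code != "O4":
        return None
    m = O4_REG_RE.match(entry.body)
    if m:
        return m.group(4)
    m = O4_LNK_RE.match(entry.body)
    return m.group(3) if m else None


def triage(entries):
    """Recompute flags on every entry and return the flagged ones.

    These are hints for a human reviewer, not verdicts: [WINT] above was on
    the helper's fix list but matches neither hint.
    """
    for e in entries:
        e.flags = []
        cmd = autorun_command(e)
        if cmd and TEMP_RE.search(cmd):
            e.flags.append("autorun-from-temp")
        if e.body.endswith("(no file)"):
            e.flags.append("orphaned-reference")
    return [e for e in entries if e.flags]


def still_present(selected, after_entries):
    """Entries from `selected` that also appear in the follow-up log."""
    after = {e.raw.lower() for e in after_entries}
    return [e for e in selected if e.raw.lower() in after]


def removed(before_entries, after_entries):
    """Raw lines present in the first log and absent from the follow-up."""
    after = {e.raw.lower() for e in after_entries}
    return [e.raw for e in before_entries if e.raw.lower() not in after]


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in triage(before):
        print(",".join(e.flags), "|", e.raw)
    print("flagged entries still present:", len(still_present(triage(before), after)))
    print("entries removed since first log:", len(removed(before, after)))
```

On these excerpts the WildTangent CDA autorun is the one third-party entry that survives into the follow-up log, which matches the error the poster still reports.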

#6
Bugbatter

Bugbatter

    Malware Expert

  • Expert
  • 341 posts
  • MVP
(Merged Topics -- Deleted my reply.)
Carry on, Trevuren! :tazz:

Edited by Bugbatter, 10 August 2005 - 06:22 PM.

  • 0

#7
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

We need to make sure all hidden files are showing so please:
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
* Click Start, Programs and Accessories and open Windows Explorer.
* Select a hard drive from the left hand side of the Windows Explorer window.
* Select View the Entire contents of this drive



Please RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain



Now with all the items selected and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to Start To Safe Mode Using the F8 method in Windows 98/98SE/ME

To start your computer in Safe Mode:
*turn the computer on
*as the computer restarts, press and hold down the Ctrl key until the Windows 98 startup menu appears. (This also works with the F8 key following the same steps)
*Choose Safe mode from the startup menu,
*press Enter
*Windows starts in Safe mode.
*Restart your computer when finished troubleshooting

Using Windows Explorer, locate the following files/folders (with all their content), and DELETE them (if they are present):

C:\PROGRAM FILES\WILDTANGENT<===Folder

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

  • 0

#8
maggiemay92

maggiemay92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:49:59 AM, on 8/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ARCSOFT\MEDIA CARD COMPANION\MCC MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.herhealth.../sidelines/?p=n
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
  • 0

#9
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Is the message still appearing?

2. Did you purposely set restrictions as to who can access your Internet Explorer and Control Panel settings?


Trevuren
  • 0

#10
maggiemay92

maggiemay92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I did not knowingly restrict access. The last time I rebooted (after the last set of instructions) the message did not appear! :-)

Thank you!
  • 0

#11
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please RUN HijackThis.
. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Now with all the items selected and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System


Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

  • 0

#12
maggiemay92

maggiemay92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:30:07 PM, on 8/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ARCSOFT\MEDIA CARD COMPANION\MCC MONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKSCAL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.herhealth.../sidelines/?p=n
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iCn] C:\PROGRAM FILES\ICHOOSE\NAG.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab

#13
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

2. Clean up the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren


#14
maggiemay92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you so much!!! I appreciate all of your help. You guys are the best!

M

#15
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.