Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

psgaurd [CLOSED]


  • This topic is locked This topic is locked

#16
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_EN.cab


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Delete the files -

C:\WINDOWS\scanregw.exe
C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE


Reboot the PC and post a fresh HJT log.

I will try and locate a wininet.dll file for you in the meantime. In case you know somebody with Windows 98, go ahead and copy the wininet.dll file from C:\WINDOWS\SYSTEM folder into the same dfolder on your PC.
  • 0

Advertisements


#17
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:05:00 PM, on 9/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: WebMaster ChatNow Client - http://68.16.242.2:8...ava/chatnow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



if you can find a wininet.dll file that would be great. i have a friend who thinks he has one, but if you could save me the money I would have to pay him that would be great.
  • 0

#18
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Lets try this -


go to Start>Run box. Type in MSINFO32
then <enter> In the Tools menu, choose IE Repair. Run the repair procedure,
then check to see if McAfee still flags the file. If so, do the same
procedure, except that after pulling up the IE Repair dialogue, choose Add
Components. Put a check mark in every item that is bolded (you want to
reinstall the items that are already installed--the bolded ones.)

If you have any problems with either Repair or the forced reinstall (Add
Components procedure), then go here and download the IE Setup program.
http://tinyurl.com/6n3w and simply reinstall.

Let me know how it goes !! check the folder C:\WINDOWS\SYSTEM for wininet.dll file.

Make sure the system and hidden files are visible. For more info read this page - http://www.bleepingc...tutorial62.html
  • 0

#19
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
YAY!!!!!!!!!!!!!!!!!!!!!!

I AM POSTING THIS ON MY COMPUTER!!!!!!!!!!!
MY COMPUTER!!!!!!!!!!!


YAY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

want my hjt file?
  • 0

#20
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Sure post it !!!

I have never seen anybody more excited on this forum !!!!
  • 0

#21
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:04:39 PM, on 9/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mlb.mlb.com/N...p/mlb/index.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: WebMaster ChatNow Client - http://68.16.242.2:8...ava/chatnow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



I'm just thrilled my computer is back up. My life depends on it.
  • 0

#22
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


I am not sure why the wininet.dll file got deleted in the first place.

Please visit Panda and do an online scan. Save the scan report and post it back here.
  • 0

#23
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
here it is
  • 0

#24
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sry didn't press right button earlier
Incident Status Location

Adware:adware/psguard No disinfected C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\PSGuard spyware remover.lnk
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM\ide21201.vxd
Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM\Searchx.htm
Spyware:spyware/linkreplacer No disinfected C:\WINDOWS\SYSTEM\lmdv.bin
Adware:adware/midaddle No disinfected C:\WINDOWS\SYSTEM\PreUninstall.exe
Dialer:dialer.b No disinfected C:\WINDOWS\SYSTEM\eglivecam_1028.dll
Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM\ezPopStub.exe
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/memorywatcher No disinfected C:\MemoryWatcher_b.exe
Adware:adware/sidesearch No disinfected C:\SEPinst.exe
Adware:adware/purityscan No disinfected C:\Buddy.exe
Adware:adware/gator No disinfected C:\WINDOWS\GatorPdpPlugin.log
Adware:adware/statblaster No disinfected C:\WINDOWS\minigolf_affiliate.exe
Adware:adware/ncase No disinfected C:\PROGRAM FILES\nCase
Adware:adware/mediatickets No disinfected Windows Registry
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\ACTXPRXY.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\Searchx.htm
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\DSOUND3D.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\SearchBar.htm
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\SYSTEM\PreUninstall.exe
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\SYSTEM\uninst.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\ezPopStub.exe
Adware:Adware/Surebar No disinfected C:\WINDOWS\SYSTEM\surebar.dll
Adware:Adware/Winstat No disinfected C:\WINDOWS\SYSTEM\WinStat11.dll
Adware:Adware/AdultLink No disinfected C:\WINDOWS\Downloaded Program Files\QaBar.dll
Adware:Adware/Zango No disinfected C:\WINDOWS\Downloaded Program Files\ZangoLib.dll
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\minigolf_affiliate.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\eZinstall.exe
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\CMEII\CMEIIAPI.dll
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\CMEII\GStore.dll
Adware:Adware/WUpd No disinfected C:\Program Files\WindowsUpdate\Windows SyncroAd\WinSync.exe
Adware:Adware/WUpd No disinfected C:\Program Files\WindowsUpdate\Windows SyncroAd\CComm.dll
Adware:Adware/WUpd No disinfected C:\Program Files\WindowsUpdate\Windows SyncroAd\SyncroAd.exe
Adware:Adware/nCase No disinfected C:\Program Files\nCase\msbb.exe
Adware:Adware/nCase No disinfected C:\Program Files\nCase\ncmyb.dll
Possible Virus. No disinfected C:\Program Files\SBITPlugin\113448.dlr
Adware:Adware/MemoryWatcher No disinfected C:\Program Files\MemoryWatcher\MemoryWatcher.exe
Adware:Adware/MemoryWatcher No disinfected C:\Program Files\MemoryWatcher\TrayIcon.ocx
Adware:Adware/MemoryWatcher No disinfected C:\Program Files\MemoryWatcher\uninst.exe
Adware:Adware/SideSearch No disinfected C:\Downloads\backups\backup-20050830-212409-256.dll
Adware:Adware/ESyndicate No disinfected C:\Downloads\backups\backup-20050830-212409-687.dll
Spyware:Spyware/LinkReplacer No disinfected C:\Downloads\backups\backup-20050830-212409-996.dll
Adware:Adware/MediaTickets No disinfected C:\Downloads\backups\backup-20050830-212411-115.inf
Adware:Adware/MediaTickets No disinfected C:\Downloads\backups\backup-20050830-212411-115.dll
Adware:Adware/MediaTickets No disinfected C:\Downloads\backups\backup-20050830-212411-115
Dialer:Dialer.B No disinfected C:\Downloads\backups\backup-20050830-212412-829.inf
Adware:Adware/Zango No disinfected C:\Downloads\backups\backup-20050830-212413-188.dll
Dialer:Dialer.CE No disinfected C:\Downloads\backups\backup-20050830-212413-840.inf
Adware:Adware/WUpd No disinfected C:\Downloads\backups\backup-20050830-212414-504.inf
Adware:Adware/WUpd No disinfected C:\Downloads\backups\backup-20050830-212414-504.dll
Adware:Adware Program No disinfected C:\Downloads\backups\backup-20050830-212414-956.inf
Spyware:Spyware/Overpro No disinfected C:\Downloads\backups\backup-20050830-212414-956.dll
Adware:Adware/MemoryWatcher No disinfected C:\SuiteInstall.exe
Adware:Adware/Beginto No disinfected C:\449166.exe
Adware:Adware/BookedSpace No disinfected C:\newdevin.exe
Adware:Adware/MemoryWatcher No disinfected C:\MemoryWatcher_b.exe
Adware:Adware/SideSearch No disinfected C:\SEPinst.exe
Adware:Adware/eZula No disinfected C:\ezStub.exe
Adware:Adware/PurityScan No disinfected C:\Buddy.exe
Adware:Adware/IEDriver No disinfected C:\Overpro-401.exe
  • 0

#25
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
What have you done with your PC on the net ???????

I have neve seen so many install files for so many infections at one place in my whole life ????

Please post a fresh HJT log
  • 0

Advertisements


#26
rickcole

rickcole

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:59:14 PM, on 9/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mlb.mlb.com/N...p/mlb/index.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Sims\PartyPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: WebMaster ChatNow Client - http://68.16.242.2:8...ava/chatnow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



To be honest, I think this one site I used to go to just installed most of them...
  • 0

#27
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run CleanUp and delete all temp files including temporary internet files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -


Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\PROGRAM FILES\WINDOWS SYNCROAD\
C:\Program Files\Common Files\CMEII
C:\Program Files\MemoryWatcher
C:\PROGRAM FILES\nCase
C:\Program Files\SBITPlugin
C:\Program Files\WindowsUpdate\Windows SyncroAd

Files
C:\449166.exe
C:\Buddy.exe
C:\ezStub.exe
C:\MemoryWatcher_b.exe
C:\newdevin.exe
C:\Overpro-401.exe
C:\SEPinst.exe
C:\SuiteInstall.exe
C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\PSGuard spyware remover.lnk
C:\WINDOWS\Downloaded Program Files\QaBar.dll
C:\WINDOWS\Downloaded Program Files\ZangoLib.dll
C:\WINDOWS\eZinstall.exe
C:\WINDOWS\GatorPdpPlugin.log
C:\WINDOWS\minigolf_affiliate.exe
C:\WINDOWS\SYSTEM\ACTXPRXY.exe
C:\WINDOWS\SYSTEM\DSOUND3D.exe
C:\WINDOWS\SYSTEM\eglivecam_1028.dll
C:\WINDOWS\SYSTEM\ezPopStub.exe
C:\WINDOWS\SYSTEM\ide21201.vxd
C:\WINDOWS\SYSTEM\lmdv.bin
C:\WINDOWS\SYSTEM\PreUninstall.exe
C:\WINDOWS\SYSTEM\SearchBar.htm
C:\WINDOWS\SYSTEM\Searchx.htm
C:\WINDOWS\SYSTEM\surebar.dll
C:\WINDOWS\SYSTEM\uninst.exe
C:\WINDOWS\SYSTEM\WinStat11.dll



Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report and the contents of the file C:\smitfiles.txt.
  • 0

#28
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP