Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help w/ Trek Blue Error Nuker & various CoolWWWSearch [RESOLVED]


  • This topic is locked This topic is locked

#1
bloodyhell

bloodyhell

    New Member

  • Member
  • Pip
  • 8 posts
Hello, and thanks for any help in advance. I have read the "to-do" list and have followed it, but still have a bug on my computer. Spybot keeps finding Trek Blue & CoolWWWSearch problems and is unable to remove them. I have noticed that everytime I open IE, a handfull of files keep getting generated in my windows and windows/system dirs. They're mostly .EXE, and are usually 0Kbs. IE now always encounters errors and needs to close. As well, and this may be irrelevant but it sure is annoying, upon every re-boot my My Documents folder always opens. And whenever I connect to the internet my firewall asks if I would like to allow access to IE on port 53 DNS Domain Name Server, which it never used to before ( only asking to access the site on port 80). I've been grappling with this now for a few days, and thought I would ask for your assistance. Once again thanks for any and all help.

Here's my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:00 PM, on 15/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\LEAD TECHNOLOGIES, INC\LEADTOOLS EPRINT IV\BIN\EPRINT4.EXE
C:\WINDOWS\SYSTEM\VNICMON.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\PROGRAM FILES\LEAD TECHNOLOGIES, INC\LEADTOOLS EPRINT IV\BIN\LPSVS04N.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HJT APP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A3CBFECE-B369-7906-33A1-F2844A88D232} - (no file)
O2 - BHO: Class - {88F6BCD2-B9F7-4F89-8993-FC67C0821327} - C:\WINDOWS\SYSTEM\JAVAFG32.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {A427B795-B498-01D2-0E8D-3F5691575C0A} - C:\WINDOWS\ATLPA.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {BB37280E-3BA4-0CF4-3710-D1E7E658044E} - C:\WINDOWS\APIHV.DLL (disabled by BHODemon)
O2 - BHO: Class - {8A0A5ADF-7A8C-32FE-3C21-5F2346F51F00} - C:\WINDOWS\SYSTEM\ADDEF32.DLL (disabled by BHODemon)
O2 - BHO: Class - {DAA69B78-A5B5-4351-2EF0-1C8D02F02A82} - C:\WINDOWS\SYSTEM\IPAS32.DLL (disabled by BHODemon)
O2 - BHO: Class - {CF536988-EE50-E2B0-2D9E-8E95C2CE963D} - C:\WINDOWS\MFCPG.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {00000000-0008-5041-4354-0020e48020af} - (no file)
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [EXPLORER.EXE] C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [ePrint 4.0 Service] C:\PROGRA~1\LEADTE~1\LEADTO~1\BIN\EPRINT4.EXE
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashserv.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: SpywareGuard Control Panel.lnk.disabled
O4 - Startup: SystemSuite.lnk.disabled
O4 - Startup: Screen Saver Control.lnk.disabled
O4 - Startup: Quicken Startup.lnk.disabled
O4 - Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Startup: BHODemon 2.0.lnk.disabled
O4 - Startup: 12Ghosts Popup-Killer.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnview95.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.138,85.255.112.18
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs (run in Safe Mode) already - Ad-aware, Spybot and Ewido (only if you have Windows 2000 or XP). If you didn't, do them now. For more information, go to http://www.greyknigh...com/spyware.htm

Download CWShredder at http://www.greyknigh.../CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...howtutorial=61). Make sure to close any open browsers.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A3CBFECE-B369-7906-33A1-F2844A88D232} - (no file)
O2 - BHO: Class - {88F6BCD2-B9F7-4F89-8993-FC67C0821327} - C:\WINDOWS\SYSTEM\JAVAFG32.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {A427B795-B498-01D2-0E8D-3F5691575C0A} - C:\WINDOWS\ATLPA.DLL__SpybotSDDisabled (file missing)
O2 - BHO: Class - {BB37280E-3BA4-0CF4-3710-D1E7E658044E} - C:\WINDOWS\APIHV.DLL (disabled by BHODemon)
O2 - BHO: Class - {8A0A5ADF-7A8C-32FE-3C21-5F2346F51F00} - C:\WINDOWS\SYSTEM\ADDEF32.DLL (disabled by BHODemon)
O2 - BHO: Class - {DAA69B78-A5B5-4351-2EF0-1C8D02F02A82} - C:\WINDOWS\SYSTEM\IPAS32.DLL (disabled by BHODemon)
O2 - BHO: Class - {CF536988-EE50-E2B0-2D9E-8E95C2CE963D} - C:\WINDOWS\MFCPG.DLL
O3 - Toolbar: (no name) - {00000000-0008-5041-4354-0020e48020af} - (no file)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.138,85.255.112.18


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

c:\windows\system\javafg32.dll
c:\windows\atlpa.dll
c:\windows\apihv.dll
c:\windows\system\addef32.dll
c:\windows\system\ipas32.dll
c:\windows\mfcpg.dll


Restart and run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
bloodyhell

bloodyhell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi GreyKnight17, and thanks for your help and prompt response. I did run Spybot, Ad-aware & CWShredder already, though not in safe mode ... and that is a wee bit of a problem! I forgot to mention my system is dual boot WinMe on my primary (where I have my problems), and XP Pro on a separate drive, partition 5. I've searched the internet (including your suggested site) for ways to boot into safe mode, followed all ways, yet neither O/S will boot into safe mode. If my problems weren't on ME I would use BartPE to boot with. Can I follow your instructions using my alternate O/S to delete files that would be in-accessible?


Thank you once again, your help is APPRECIATED VERY MUCH!!!
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
So you can't boot to Safe Mode? I just took a look at that link (hope you figured out the problem with the extra ) in the end. It's suppose to be:

http://www.bleepingc...showtutorial=61

It should work. Try again with F5 or F8 keys.
  • 0

#5
bloodyhell

bloodyhell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks ... it seems safe mode isn't quite the same on a dual boot, apparently (unless I'm stupid!!!!) it seems it's interleaved with MSCONFIG. I may have jumped a little ahead of the game, but I figured whatever I should delete after a full check, I should just as well do in the meantime, so I have deleted all files/folders (there were only files though), you recomended to delete ( using my alternate O/S), and deleted all you said to delete in HJT, as well as a few I know were poo-poo. I have restarted IE ... no more error problems! And so far, no more 0Kbs .EXE files have popped up in my windows or windows/system dirs, all definitely looks better, but I will run everything once more to see.


BTW: Have I told you lately that I love you? Your help has been incredible, THANK YOU SO VERY MUCH!!!!!!!!!!
  • 0

#6
bloodyhell

bloodyhell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, I've run everything again, re-booted, and run HJT ( it seems everything is good), here's the log, but first ...;

1) A VERY SPECIAL Thank you to Greyknight17, you are a true gentleman and fixer of broken FREDS ([bleep]in' Rediculous Electronic Devices).

2) Thank you to this forum and all such forums for being, and all the kind souls that donate their time to help others such as myself.

3) Always pay respect & show gratitude to others that do their best to help you out, they do so for nothing other than your appreciation and their own generosity.



Logfile of HijackThis v1.99.1
Scan saved at 12:35:11 AM, on 16/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\LEAD TECHNOLOGIES, INC\LEADTOOLS EPRINT IV\BIN\EPRINT4.EXE
C:\WINDOWS\SYSTEM\VNICMON.EXE
C:\PROGRAM FILES\LEAD TECHNOLOGIES, INC\LEADTOOLS EPRINT IV\BIN\LPSVS04N.EXE
C:\PROGRAM FILES\THE CLEANER\TCA.EXE
C:\PROGRAM FILES\THE CLEANER\TCM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HJT APP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [EXPLORER.EXE] C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [ePrint 4.0 Service] C:\PROGRA~1\LEADTE~1\LEADTO~1\BIN\EPRINT4.EXE
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashserv.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: SpywareGuard Control Panel.lnk.disabled
O4 - Startup: SystemSuite.lnk.disabled
O4 - Startup: Screen Saver Control.lnk.disabled
O4 - Startup: Quicken Startup.lnk.disabled
O4 - Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Startup: BHODemon 2.0.lnk.disabled
O4 - Startup: 12Ghosts Popup-Killer.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnview95.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

... once again, THANK YOU

The Vinman
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Amen to that Vinman :tazz:

We're all here to help and glad to do it. It can be frustrating at times, but if we hang on we can usually fix up any spyware/virus infected computer :)

Basically all clear now. Just fix these in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


No need for a new log.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#8
bloodyhell

bloodyhell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'm good to go ... and once again, MY SINCEREST THANKS!!!!
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP