I jLogfile of HijackThis v1.99.1 ((((( Just did a Hijack this file. Hope I did it right. )))))
Scan saved at 5:31:55 PM, on 2/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLLff
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\KOHMXBC.EXE
C:\PROGRAM FILES\CAUE\SMTB.EXE
C:\PROGRAM FILES\PROLOGX5 ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.websearch...spx?tb_id=50141R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch...spx?tb_id=50141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch...spx?tb_id=50141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {A339E8BF-2505-5DA1-7D21-7DC2BE564191} - C:\WINDOWS\SYSTEM\HARJ.DLL (file missing)
O2 - BHO: (no name) - {E07AA323-37CA-4567-E0B8-34D6AF400191} - C:\WINDOWS\SYSTEM\RSTR.DLL (file missing)
O2 - BHO: (no name) - {DA50F702-32E1-4A46-910F-3FA688AF65C4} - C:\WINDOWS\SYSTEM\SXACCMDP.DLL (file missing)
O2 - BHO: (no name) - {68E30346-CDF2-B450-82FE-C06934FDD59E} - C:\WINDOWS\SYSTEM\HOTDSPYJ.DLL (file missing)
O2 - BHO: (no name) - {4C760775-93C5-B931-B7AD-C559A781F3C4} - C:\WINDOWS\SYSTEM\UQRV.DLL (file missing)
O2 - BHO: (no name) - {1E205122-9E93-B130-B7AD-C559A781F3C4} - C:\WINDOWS\SYSTEM\UQRV.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {705E14EE-8C57-F0AE-2DF4-D0F88D91CCCA} - C:\WINDOWS\SYSTEM\APLB.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {7A99AB28-6C9F-476E-EC68-692313CDC899} - C:\WINDOWS\SYSTEM\XGAMV.DLL (file missing)
O2 - BHO: (no name) - {5008953F-5C8C-7721-A1EC-01D58C25E398} - C:\WINDOWS\SYSTEM\WLTEZRTM.DLL (file missing)
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\PROLOGX5 ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {B32C73EA-B854-9EFD-7BE1-B19EF8310792} - C:\WINDOWS\SYSTEM\AUTPDOW.DLL (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\ProLogX5 Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [Jxjlbohv] C:\WINDOWS\SYSTEM\kohmxbc.exe
O4 - HKCU\..\Run: [Etem] "C:\Program Files\caue\smtb.exe" -vt rbnd
O4 - HKCU\..\RunServices: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\RunServices: [Jxjlbohv] C:\WINDOWS\SYSTEM\kohmxbc.exe
O4 - HKCU\..\RunServices: [Etem] "C:\Program Files\caue\smtb.exe" -vt rbnd
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Search -
http://edits.mywebse...US_ZUxdm164YYUSO8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\MY DOCUMENTS\JJ'S STUFF\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
http://akamai.downlo...netslv32_EN.cabO16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup...Bridge-c139.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab34246.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinn...ed/wwlaunch.cabO16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) -
http://www.worldwinn...ted/haunted.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-downlo....cab?refid=1050O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://zone.msn.com/...me/ZAxRcMgr.cabO16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) -
http://zone.msn.com/...WebLauncher.cabO16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
http://sympatico.zon.../default/gf.cabO16 - DPF: Yahoo! MahJong Solitaire -
http://download.game...s/y/mjst4_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.s...rl/SymAData.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....rl/LSSupCtl.cabO16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
http://www.symantec....trl/tgctlsr.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.co...tup1.0.0.15.cabO16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - [url=http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab]http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab[/ur
Thank-You,
John God
Edited by john god, 13 February 2006 - 06:16 PM.