can't get rid of spotsresults

heraser
Junior Member with 3 posts.
Join Date: Nov 2004
Experience: Beginner
13-Nov-2004, 03:43 PM #1
can't get rid of spotsresults
Help! I am running Windows 98 and have added adware, Zonealert Pro 5 spysweeper after becoming infected. I get errors trying to load Norton Antivirus 5 and I have been infected with the spotresults.com trojan and cannot get rid of lookatme and tvmedia and other hidden files. I read that others have been helped to rid their machines and I have downloaded hijack to show my files.


Logfile of HijackThis v1.98.2
Scan saved at 3:15:23 PM, on 11/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\SYMANTEC\GHOST\NGSERVER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYMANTEC\GHOST\BIN\RTENG6.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ASISTAT.EXE
C:\WINDOWS\SYSTEM\ASISERVE.EXE
C:\AMAPRT\MAINSRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\AUTOMATIC UPDATE\AUTOUPDATE.EXE
C:\AMAPRT\AMAPRT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\AMAPRT\COMADAPT.EXE
C:\PROGRAM FILES\BROTHER\BRMFL03A\BRSTDVPT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1982.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
F1 - win.ini: load=ASISTAT
F1 - win.ini: run=C:\AMAPRT\MAINSRV.EXE
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IndexSearch] c:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "c:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "c:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Create A Monster] C:\Program Files\Kudd.com\createAMonster.exe -run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [NGServer] C:\PROGRAM FILES\SYMANTEC\GHOST\NGSERVER.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: Netnews - {3917F6B6-C2C3-43E7-A3B2-FC1851FF6FF8} - news:worldnet.help.new-users (file missing) (HKCU)
O15 - Trusted Zone: http://1a.mia.farm2.software.amadeuscruise.com
O15 - Trusted Zone: http://1a.mia.farm2.transport.amadeuscruise.com
O15 - Trusted Zone: http://1a.us.amadeuscruise.com
O15 - Trusted Zone: http://mia.farm1.software.amadeuscruise.com
O15 - Trusted Zone: http://mia.farm1.transport.amadeuscruise.com
O15 - Trusted Zone: http://us.amadeuscruise.com
O15 - Trusted Zone: http://1a.mia.farm2.software.amadeusvista.com
O15 - Trusted Zone: http://1a.mia.farm2.transport.amadeusvista.com
O15 - Trusted Zone: http://1a.us.amadeusvista.com
O15 - Trusted Zone: http://mia.farm1.software.amadeusvista.com
O15 - Trusted Zone: http://mia.farm1.transport.amadeusvista.com
O15 - Trusted Zone: http://us.amadeusvista.com
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {D387ABA7-ABBC-11D3-BE8F-0000832BD4E5} (Certificates Class) - http://us.amadeusvista.com/common/ca...ficateinfo.CAB
O16 - DPF: {B956D137-675A-11D3-8F91-00008321C804} (VistaPatchControl.PatchVersion) - http://mia.farm1.software.amadeusvis...pdate_3400.cab
O16 - DPF: {47850BF2-27DB-11D3-8F86-00008321C804} (CCLib24.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib24.CAB
O16 - DPF: {1F660407-A709-11D3-929C-000083262DFF} (Macro_API12.Macro) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\Macro_API12.CAB
O16 - DPF: {4703BE39-7264-11D3-929C-000083262DFF} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher1.CAB
O16 - DPF: {B6A232E4-DB12-11D1-9A09-0000832F03C7} (Version Class) - http://us.amadeusprintservices.com/p...r/PrtVista.CAB
O16 - DPF: {018CB5B6-732B-11D2-BE7F-0000832F03C7} (AmadeusProPrinter Class) - http://us.amadeusvista.com/proprinter/PrtVista.CAB
O16 - DPF: {814D8336-939B-11D3-8C90-10005A78235D} (AmadeusAppShell.clsAppShell) - https://www.us.e-amadeus.net/AAppShell.CAB
O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/release/vpsetup.cab
O16 - DPF: {0922DF95-45E3-11D4-8FB3-0000832316A3} (CCLib27.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib27.CAB
O16 - DPF: {A163A5E7-4CDE-11D4-929C-000083262DFF} (Macro_API16.Macro) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\Macro_API16.CAB
O16 - DPF: {1F98B4A1-B950-11D3-929C-000083262DFF} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher2.CAB
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://bs.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {47111E68-BF8A-11D3-BE9C-000083231733} (PS Class) - file://C:\Program Files\Amadeus Vista\EmulatorV2\HaWpSession.CAB
O16 - DPF: {E939825E-C766-11D3-BE9F-00008321B79B} (MultiUIContainer Class) - file://C:\Program Files\Amadeus Vista\EmulatorV2\HaWpContainer.CAB
O16 - DPF: {42DA5844-5403-11D4-A837-00008321B7D9} (Amadeus SessionManager Object) - file://C:\Program Files\Amadeus Vista\EmulatorV2\s1aHaSessionManager.CAB
O16 - DPF: {6BD852FB-95C6-11D3-BE77-000083262E27} (Amadeus ComCore Emulator) - file://C:\Program Files\Amadeus Vista\EmulatorV2\s1aHaPsComCoreCnx.CAB
O16 - DPF: {7D0D2FBD-2BCB-11D4-8FB3-0000832316A3} (CruisePatchControl.PatchVersion) - http://mia.farm1.software.amadeuscru...Patch_3322.cab
O16 - DPF: {47ACF15A-A449-11D4-8FB8-0000832316A3} (CCLib28.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib28.CAB
O16 - DPF: {E037FC50-FE36-11D3-BEEB-00008322EEB5} (PPUpdate Class) - http://us.amadeusvista.com/proprinter/PPUpdateATL.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://bs.amadeusvista.com/common/ca...ficateinfo.CAB
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://bs.amadeusvista.com/Automatic...oUpdateATL.CAB
O16 - DPF: {66307575-235E-11D5-8FC2-000102A31C71} (CCLib29.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib29.CAB
O16 - DPF: {3C7BFF10-245A-11D5-A8B3-000102A7C93C} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher3.CAB
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://bs.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://h30155.www3.hp.com/ediags/gs/install/hpxml.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
cybertech
Moderator with 69,083 posts.
Join Date: Apr 2002
Location: Washington State
14-Nov-2004, 01:44 PM #2
Hi heraser, Welcome to TSG!!

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer and post another log.
__________________
Microsoft MVP/Windows - Consumer Security
heraser
Junior Member with 3 posts.
Join Date: Nov 2004
Experience: Beginner
17-Nov-2004, 06:12 PM #3
followup
Thank you for the response. I will not be able to follow up until this weekend. I will post my results then.

heraser
cybertech
Moderator with 69,083 posts.
Join Date: Apr 2002
Location: Washington State
17-Nov-2004, 06:19 PM #4
OK
heraser
Junior Member with 3 posts.
Join Date: Nov 2004
Experience: Beginner
27-Nov-2004, 04:53 PM #5
I installed, updated and then ran adware. My computer screen is now looking faded and I cannot adjust it back to normal. Here is the log.
Logfile of HijackThis v1.98.2
Scan saved at 4:49:18 PM, on 11/27/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\SYMANTEC\GHOST\NGSERVER.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYMANTEC\GHOST\BIN\RTENG6.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ASISTAT.EXE
C:\WINDOWS\SYSTEM\ASISERVE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\AUTOMATIC UPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\BROTHER\BRMFL03A\BRSTDVPT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\MY DOCUMENTS\A HIGHJACK THIS\HIJACKTHIS1982.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...rchbar&LC=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F1 - win.ini: load=ASISTAT
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IndexSearch] c:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "c:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "c:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Create A Monster] C:\Program Files\Kudd.com\createAMonster.exe -run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [NGServer] C:\PROGRAM FILES\SYMANTEC\GHOST\NGSERVER.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: Netnews - {3917F6B6-C2C3-43E7-A3B2-FC1851FF6FF8} - news:worldnet.help.new-users (file missing) (HKCU)
O15 - Trusted Zone: http://1a.mia.farm2.software.amadeuscruise.com
O15 - Trusted Zone: http://1a.mia.farm2.transport.amadeuscruise.com
O15 - Trusted Zone: http://1a.us.amadeuscruise.com
O15 - Trusted Zone: http://mia.farm1.software.amadeuscruise.com
O15 - Trusted Zone: http://mia.farm1.transport.amadeuscruise.com
O15 - Trusted Zone: http://us.amadeuscruise.com
O15 - Trusted Zone: http://1a.mia.farm2.software.amadeusvista.com
O15 - Trusted Zone: http://1a.mia.farm2.transport.amadeusvista.com
O15 - Trusted Zone: http://1a.us.amadeusvista.com
O15 - Trusted Zone: http://mia.farm1.software.amadeusvista.com
O15 - Trusted Zone: http://mia.farm1.transport.amadeusvista.com
O15 - Trusted Zone: http://us.amadeusvista.com
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {D387ABA7-ABBC-11D3-BE8F-0000832BD4E5} (Certificates Class) - http://us.amadeusvista.com/common/ca...ficateinfo.CAB
O16 - DPF: {B956D137-675A-11D3-8F91-00008321C804} (VistaPatchControl.PatchVersion) - http://mia.farm1.software.amadeusvis...pdate_3400.cab
O16 - DPF: {47850BF2-27DB-11D3-8F86-00008321C804} (CCLib24.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib24.CAB
O16 - DPF: {1F660407-A709-11D3-929C-000083262DFF} (Macro_API12.Macro) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\Macro_API12.CAB
O16 - DPF: {4703BE39-7264-11D3-929C-000083262DFF} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher1.CAB
O16 - DPF: {B6A232E4-DB12-11D1-9A09-0000832F03C7} (Version Class) - http://us.amadeusprintservices.com/p...r/PrtVista.CAB
O16 - DPF: {018CB5B6-732B-11D2-BE7F-0000832F03C7} (AmadeusProPrinter Class) - http://us.amadeusvista.com/proprinter/PrtVista.CAB
O16 - DPF: {814D8336-939B-11D3-8C90-10005A78235D} (AmadeusAppShell.clsAppShell) - https://www.us.e-amadeus.net/AAppShell.CAB
O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} - http://download.richfx.com/player/release/vpsetup.cab
O16 - DPF: {0922DF95-45E3-11D4-8FB3-0000832316A3} (CCLib27.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib27.CAB
O16 - DPF: {A163A5E7-4CDE-11D4-929C-000083262DFF} (Macro_API16.Macro) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\Macro_API16.CAB
O16 - DPF: {1F98B4A1-B950-11D3-929C-000083262DFF} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher2.CAB
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://bs.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {47111E68-BF8A-11D3-BE9C-000083231733} (PS Class) - file://C:\Program Files\Amadeus Vista\EmulatorV2\HaWpSession.CAB
O16 - DPF: {E939825E-C766-11D3-BE9F-00008321B79B} (MultiUIContainer Class) - file://C:\Program Files\Amadeus Vista\EmulatorV2\HaWpContainer.CAB
O16 - DPF: {42DA5844-5403-11D4-A837-00008321B7D9} (Amadeus SessionManager Object) - file://C:\Program Files\Amadeus Vista\EmulatorV2\s1aHaSessionManager.CAB
O16 - DPF: {6BD852FB-95C6-11D3-BE77-000083262E27} (Amadeus ComCore Emulator) - file://C:\Program Files\Amadeus Vista\EmulatorV2\s1aHaPsComCoreCnx.CAB
O16 - DPF: {7D0D2FBD-2BCB-11D4-8FB3-0000832316A3} (CruisePatchControl.PatchVersion) - http://mia.farm1.software.amadeuscru...Patch_3322.cab
O16 - DPF: {47ACF15A-A449-11D4-8FB8-0000832316A3} (CCLib28.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib28.CAB
O16 - DPF: {E037FC50-FE36-11D3-BEEB-00008322EEB5} (PPUpdate Class) - http://us.amadeusvista.com/proprinter/PPUpdateATL.CAB
O16 - DPF: {9C067552-A98D-11D3-BE8E-0000832BD4E5} (CCCertInfo4 Class) - http://bs.amadeusvista.com/common/ca...ficateinfo.CAB
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://bs.amadeusvista.com/Automatic...oUpdateATL.CAB
O16 - DPF: {66307575-235E-11D5-8FC2-000102A31C71} (CCLib29.ComCore) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\CCLib29.CAB
O16 - DPF: {3C7BFF10-245A-11D5-A8B3-000102A7C93C} (EvtCatcher Class) - file://C:\Program Files\Amadeus Vista\ComCoreDownload\EventCatcher3.CAB
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://bs.amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://h30155.www3.hp.com/ediags/gs/install/hpxml.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
cybertech
Moderator with 69,083 posts.
Join Date: Apr 2002
Location: Washington State
28-Nov-2004, 04:05 PM #6
Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - Startup: PowerReg SchedulerV2.exe

Close all applications and browser windows before you click "fix checked".

Reboot.

Delete this folder: C:\Program Files\Automatic Update

What is all the Amadeus stuff?
__________________
Microsoft MVP/Windows - Consumer Security
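
Added example, not part of the original thread and not HijackThis's own code: a short Python parser that diffs two HijackThis logs by section code, showing which entries a cleanup pass removed and whether anything new appeared. `BEFORE` and `AFTER` are short excerpts of the 13-Nov and 27-Nov logs posted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis entry lines have the form "<code> - <body>", e.g.
# "O4 - HKLM\..\Run: [Name] path". Codes are one letter plus 1-2 digits.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section_code, body) entries in a HijackThis log.

    The header and the "Running processes" list do not match ENTRY_RE
    and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _by_section(items):
    """Group (code, body) pairs into {code: [sorted bodies]}."""
    grouped = defaultdict(list)
    for code, body in sorted(items):
        grouped[code].append(body)
    return dict(grouped)


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, grouped by code."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return _by_section(before - after), _by_section(after - before)


# Excerpt of the 13-Nov-2004 log from this thread (shortened).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
F1 - win.ini: load=ASISTAT
F1 - win.ini: run=C:\AMAPRT\MAINSRV.EXE
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - Startup: PowerReg SchedulerV2.exe
"""

# Excerpt of the 27-Nov-2004 log from this thread (shortened).
AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
F1 - win.ini: load=ASISTAT
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - Startup: PowerReg SchedulerV2.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, groups in (("removed", removed), ("added", added)):
        for code, bodies in groups.items():
            for body in bodies:
                print(f"{label:8} {code} - {body}")
```

Entries that appear in both scans, such as `mdac_runonce` and `PowerReg SchedulerV2.exe`, are not reported by the diff and still have to be checked by hand in HijackThis.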