1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

atiupdate - problems

Discussion in 'Virus & Other Malware Removal' started by java-hi, Apr 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    I seem to have atiupdate on my startup menu for Windows 98 and this is really slowing down my computer. I've tried to disable but it won't go away.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    go to http://www.thespykiller.co.uk/files/HijackThis.exe and download 'Hijack This!'.
    make sure it is placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    I noticed that flrman1 had helped someone else out with this same problem earlier - I followed most of his instructions.

    Downloaded "Hijack This" to it's own folder in my documents.

    Then went to find the atiupdate folder - but there was no folder just an icon of a screen. That's where I started to get confused.
     
  4. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Here is a copy of the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:10:36 PM, on 4/2/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
    C:\WINDOWS\ATIUPDATE5.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\ATIUPDATE5.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.tinybar.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server224.smartbotpro.net/7search/?002-nhp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server224.smartbotpro.net/7search/?003-nhp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ao.lop.com/passthrough/index.html?http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.rightfinder.net/search/
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    F1 - win.ini: run=C:\WINDOWS\svcpack.exe
    O1 - Hosts: 66.118.163.109 auto.search.msn.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {211BFEA0-0194-11D8-82C3-444553540000} - C:\WINDOWS\SYSTEM\JJAVAEE.DLL
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\SYSTEM\DREPLACE.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
    O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\SYSTEM\Jfm38U2.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\ATIUPDATE5.EXE
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O13 - WWW. Prefix: http://ehttp.cc/?
    O15 - Trusted Zone: http://chat.msn.com
    O15 - Trusted Zone: *.waitsex.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot9_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/nflgcst1008_x.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_27/QDow.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38076.4734722222
    O19 - User stylesheet: C:\WINDOWS\my.css
    O19 - User stylesheet: C:\WINDOWS\my.css (HKLM)
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    First download CWshredder from http://www.thespykiller.co.uk then Run it
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.

    and make sure you follow the advice about the security updates listed on the last page, in order to prevent re-infection, otherwise you will be continually reinfected
    the patches are :
    http://support.microsoft.com/default.aspx?kbid=828026
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp
    *Note: The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates & service Packs"

    then reboot &

    then

    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    Spybot - Search & Destroy from http://security.kolla.de
    AdAware 6 from http://www.lavasoft.de/support/download


    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least 01R279 31.03.2004 or a higher number/later date

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
     
  6. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    I have most of the software / virus scans you stated, and they are up to date as well as my MS which I updated on Tuesday, I just need to run CWshredder and then I will see what happens,

    Thank you - your information hopefully will solve this problem, but I will be back to see what happens.
     
  7. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    I followed the instructions given to me by Derek, only find that I now have a larger problem.

    The computer reboots itself every 15 minutes - so I have to make this quick.....

    I downloaded CWshredder as requested - but I got a message regarding 2 entries - and was told to ask before deleting those - which were: Windows\wcuninst.exe & Windows\uninstcc.exe

    Should I delete these?

    I then downloaded spybot - and there's where my problems started. It doesn't get even 1/3 of the way through the test before the computer crashes - totally shuts down.....

    Please help.
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I don't think the wcuninst.exe & uninstcc.exe files are a problem so leave those.

    We'll deal with the Spybot problem later.

    Let's see what your Hijack This log looks like now.
     
  9. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Logfile of HijackThis v1.97.7
    Scan saved at 4:06:23 PM, on 4/2/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
    C:\WINDOWS\ATIUPDATE5.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ao.lop.com/passthrough/index.html?http://www.yahoo.com/
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    F1 - win.ini: run=C:\WINDOWS\svcpack.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {211BFEA0-0194-11D8-82C3-444553540000} - C:\WINDOWS\SYSTEM\JJAVAEE.DLL
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
    O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\SYSTEM\Jfm38U2.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\ATIUPDATE5.EXE
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O15 - Trusted Zone: http://chat.msn.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot9_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/nflgcst1008_x.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_27/QDow.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38076.4734722222
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    This looks like the peper trojan so before I get to the rest in your log do this:

    Run this uninstaller to get rid of the peper.a trojan:

    http://www.zerosrealm.com/downloads/uninst.exe

    *Note: Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

    Then post another log.
     
  11. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Ok - I'll try that and be right back. I've been running AVG and it seems that I now have quite a library of programs building.... I really appreciate your assistance and I'll be right back...

    Mahalo.....
     
  12. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Ok - done.... and it was quick and quiet.
     
  13. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Do I need to reboot?
     
  14. java-hi

    java-hi Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    18
    Copy of my log - but I did not reboot?

    Logfile of HijackThis v1.97.7
    Scan saved at 4:24:51 PM, on 4/2/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
    C:\WINDOWS\ATIUPDATE5.EXE
    C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ao.lop.com/passthrough/index.html?http://www.yahoo.com/
    R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    F1 - win.ini: run=C:\WINDOWS\svcpack.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {211BFEA0-0194-11D8-82C3-444553540000} - C:\WINDOWS\SYSTEM\JJAVAEE.DLL
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
    O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [[email protected]] C:\WINDOWS\SYSTEM\Jfm38U2.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\ATIUPDATE5.EXE
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O15 - Trusted Zone: http://chat.msn.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot9_x.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/nflgcst1008_x.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_27/QDow.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38076.4734722222
     
  15. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    reboot then post another HiJackThis log
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/216917

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice