1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

computer driving me crazy! need help! thanks- have hijackthis log :)

Discussion in 'Virus & Other Malware Removal' started by anarmywife, Apr 14, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    hi, my computer is driving me crazy!!! it keeps on getting hijacked all of the time (my dh thinks it is from our cable modem), and we are getting viruses like crazy. it continuiously freezes up. i have bought a firewall & virus scan program (defender pro?) but the computer freezes so i cant install the firewall... and it turns off the virus scan. i have ran bazooka, and am in the process of trying to fix all of the things it says- but i hope that i can get some help from the wonderful people here! thanks soooooo much, all of the help is appreciated!
    Logfile of HijackThis v1.97.7
    Scan saved at 7:12:14 PM, on 4/14/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...OL.COM/92671ac527/ac00krtyx_65v/ogsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
    O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\Run: [PJLRTV9W.EXE] C:\WINDOWS\PJLRTV9W.EXE /dk
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [PJLRTV9W.EXE] C:\WINDOWS\PJLRTV9W.EXE /dk
    O4 - Startup: NFVK40PH.lnk = C:\WINDOWS\nfvk40ph.exe
    O4 - Startup: 9AVLRD1A.lnk = C:\WINDOWS\9avlrd1a.exe
    O4 - Startup: 0IVT3H00.lnk = C:\WINDOWS\0ivt3h00.exe
    O4 - Startup: BE7T4DQH.lnk = C:\WINDOWS\be7t4dqh.exe
    O4 - Startup: JEG5HA7A.lnk = C:\WINDOWS\jeg5ha7a.exe
    O4 - Startup: PJLRTV9W.lnk = C:\WINDOWS\pjlrtv9w.exe
    O4 - Global Startup: 8WANMBMT.lnk = ?
    O4 - Global Startup: NFVK40PH.lnk = C:\WINDOWS\nfvk40ph.exe
    O4 - Global Startup: M1TR13EW.lnk = C:\WINDOWS\m1tr13ew.exe
    O4 - Global Startup: 2KFY1H4C.lnk = C:\WINDOWS\2kfy1h4c.exe
    O4 - Global Startup: X7TEXVX2.lnk = C:\WINDOWS\x7texvx2.exe
    O4 - Global Startup: O2OR00FD.lnk = C:\WINDOWS\o2or00fd.exe
    O4 - Global Startup: V8WHQ6R7.lnk = C:\WINDOWS\v8whq6r7.exe
    O4 - Global Startup: EC281N7L.lnk = C:\WINDOWS\ec281n7l.exe
    O4 - Global Startup: tbbnnxh8.lnk = ?
    O4 - Global Startup: 5RNUJPZ6.lnk = C:\WINDOWS\5rnujpz6.exe
    O4 - Global Startup: 8ZHU5LLE.lnk = C:\WINDOWS\8zhu5lle.exe
    O4 - Global Startup: ZA658QF6.lnk = C:\WINDOWS\za658qf6.exe
    O4 - Global Startup: D55XPABR.lnk = C:\WINDOWS\d55xpabr.exe
    O4 - Global Startup: DVWQL5YN.lnk = C:\WINDOWS\dvwql5yn.exe
    O4 - Global Startup: YV04YILM.lnk = ?
    O4 - Global Startup: PR533214.lnk = C:\WINDOWS\pr533214.exe
    O4 - Global Startup: YZRX6ULN.lnk = C:\WINDOWS\yzrx6uln.exe
    O4 - Global Startup: 1UOO0KRM.lnk = C:\WINDOWS\1uoo0krm.exe
    O4 - Global Startup: YNLE0GLN.lnk = C:\WINDOWS\ynle0gln.exe
    O4 - Global Startup: RBE3ZM3K.lnk = C:\WINDOWS\rbe3zm3k.exe
    O4 - Global Startup: BA0MX73Z.lnk = C:\WINDOWS\ba0mx73z.exe
    O4 - Global Startup: mpcx356d.lnk = ?
    O4 - Global Startup: 7ZJ7C61G.lnk = C:\WINDOWS\7zj7c61g.exe
    O4 - Global Startup: 9OYMA608.lnk = C:\WINDOWS\9oyma608.exe
    O4 - Global Startup: 5U2PRO07.lnk = C:\WINDOWS\5u2pro07.exe
    O4 - Global Startup: M7QYBYFT.lnk = C:\WINDOWS\m7qybyft.exe
    O4 - Global Startup: JX3EMLXU.lnk = C:\WINDOWS\jx3emlxu.exe
    O4 - Global Startup: UOLBIZE1.lnk = C:\WINDOWS\uolbize1.exe
    O4 - Global Startup: PDOHWRBK.lnk = C:\WINDOWS\pdohwrbk.exe
    O4 - Global Startup: 74OZBIAJ.lnk = C:\WINDOWS\74ozbiaj.exe
    O4 - Global Startup: EXGU5FNP.lnk = C:\WINDOWS\exgu5fnp.exe
    O4 - Global Startup: 0K8F5BP1.lnk = C:\WINDOWS\0k8f5bp1.exe
    O4 - Global Startup: IMI2QPU0.lnk = C:\WINDOWS\imi2qpu0.exe
    O4 - Global Startup: wujplqtp.lnk = ?
    O4 - Global Startup: J2UDWL21.lnk = C:\WINDOWS\j2udwl21.exe
    O4 - Global Startup: X4E153BI.lnk = C:\WINDOWS\x4e153bi.exe
    O4 - Global Startup: A21P4YQ1.lnk = C:\WINDOWS\a21p4yq1.exe
    O4 - Global Startup: A80VI7JT.lnk = C:\WINDOWS\a80vi7jt.exe
    O4 - Global Startup: 9AVLRD1A.lnk = C:\WINDOWS\9avlrd1a.exe
    O4 - Global Startup: 0IVT3H00.lnk = C:\WINDOWS\0ivt3h00.exe
    O4 - Global Startup: BE7T4DQH.lnk = C:\WINDOWS\be7t4dqh.exe
    O4 - Global Startup: JEG5HA7A.lnk = C:\WINDOWS\jeg5ha7a.exe
    O4 - Global Startup: PJLRTV9W.lnk = C:\WINDOWS\pjlrtv9w.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Home (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - http://esupport.aol.com/engine/aolcoach.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38041.7687615741
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
    O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin_US.cab
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
    O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/new/bridge.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = charter.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You have got a whole host of problems! :eek:

    For one you have the Adtomi parasite. To get rid of Adtomi run this script put together by Mosaic1:

    Click here to download 9xAdtomi Cleanup.zip.

    Unzip the files to a folder of your choice.

    Now see if there is an Adtomi or yahoo stocks icon in your system tray , it might be a red ?? and if so right click and select remove , you must be online for this part

    --A web page from Adtomi would appear "-uninstall was succesful!".

    *Note: Not all infections have this icon, so if you don't have it just proceed with the rest.


    Now go offline before proceeding with the rest of these instructions.


    If you have a Script Blocking Program enabled, disable it first so the scripts may run.

    Next press CTRL+ ALT+DEL to bring up task manager, look in applications for this file PJLRTV9W.EXE and End Task on it. Open Task Manager again and make sure it is gone.
    If it isn't listed in the applications, then look in processes tab.

    Close all open windows, open the Adtomi cleanup folder and Double Click Cleanup.bat then close the Adtomi cleanup folder while the cleanup.bat file runs.

    *NOTE: DO NOT Touch the VBS files. The bat file will run the scripts all by itself.

    It will:

    Remove the Adtomi Spyware files from the Windows Folder
    Clean the Startup Folders
    Create Backups of the Adtomi exe files it deletes and save them in this folder
    Create a list of all oddly named files deleted from the Windows Folder
    Uninstall the Browserhelper.dll browser plugin
    Start HijackThis and give you directions on what to remove.


    When you have finished please restart the computer.

    Go to the folder that you extracted the Adtomi cleanup files to and find the Adtomi.txt file. Copy and paste the contents of that text file here along with a fresh Hijack This log.


    After you have completed that please do the following:


    Go here and download Adaware 6 Build 181

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.


    Then go here and download Spybot Search & Destroy.

    Install the program and launch it.

    Before scanning press Online and Search for Updates .

    Put a check mark at and install all updates.

    Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

    Restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  3. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    sorry it took so long :)

    here is my first log--> going to finish other things now

    Logfile of HijackThis v1.97.7
    Scan saved at 9:38:36 PM, on 4/14/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...OL.COM/92671ac527/ac00krtyx_65v/ogsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: com
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Home (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - http://esupport.aol.com/engine/aolcoach.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38041.7687615741
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
    O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin_US.cab
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
    O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/new/bridge.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = charter.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1

    thanks so much for the help so far!
     
  4. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    4/14/04 7:56:31 PM
    C:\WINDOWS\yv04yilm.exe
    C:\WINDOWS\pr533214.exe
    C:\WINDOWS\n3jlavqf.exe
    C:\WINDOWS\j2udwl21.exe
    C:\WINDOWS\615wt9kr.exe
    C:\WINDOWS\imi2qpu0.exe
    C:\WINDOWS\y0zqxo7u.exe
    C:\WINDOWS\ki1o5zx0.exe
    C:\WINDOWS\x4e153bi.exe
    C:\WINDOWS\za658qf6.exe
    C:\WINDOWS\qewj306g.exe
    C:\WINDOWS\0k8f5bp1.exe
    C:\WINDOWS\1j7knyd5.exe
    C:\WINDOWS\knx01f6o.exe
    C:\WINDOWS\a21p4yq1.exe
    C:\WINDOWS\5342da0x.exe
    C:\WINDOWS\mpcx356d.exe
    C:\WINDOWS\v8whq6r7.exe
    C:\WINDOWS\9p2ob07d.exe
    C:\WINDOWS\dvwql5yn.exe
    C:\WINDOWS\7e5mlxqz.exe
    C:\WINDOWS\d55xpabr.exe
    C:\WINDOWS\bettn68b.exe
    C:\WINDOWS\teqjhk6j.exe
    C:\WINDOWS\aannoqf4.exe
    C:\WINDOWS\rbe3zm3k.exe
    C:\WINDOWS\8wanmbmt.exe
    C:\WINDOWS\m1tr13ew.exe
    C:\WINDOWS\2kfy1h4c.exe
    C:\WINDOWS\x7texvx2.exe
    C:\WINDOWS\1uoo0krm.exe
    C:\WINDOWS\o2or00fd.exe
    C:\WINDOWS\5u2pro07.exe
    C:\WINDOWS\ec281n7l.exe
    C:\WINDOWS\dwihcc0j.exe
    C:\WINDOWS\tnejkapw.exe
    C:\WINDOWS\9oyma608.exe
    C:\WINDOWS\wujplqtp.exe
    C:\WINDOWS\ba0mx73z.exe
    C:\WINDOWS\1t07ycej.exe
    C:\WINDOWS\5rnujpz6.exe
    C:\WINDOWS\ynle0gln.exe
    C:\WINDOWS\0crkmyl1.exe
    C:\WINDOWS\m7qybyft.exe
    C:\WINDOWS\3o9afog6.exe
    C:\WINDOWS\61t4g5wi.exe
    C:\WINDOWS\ttmaw0r0.exe
    C:\WINDOWS\yzrx6uln.exe
    C:\WINDOWS\g05w1via.exe
    C:\WINDOWS\7zj7c61g.exe
    C:\WINDOWS\jhi376pw.exe
    C:\WINDOWS\i0w6in0b.exe
    C:\WINDOWS\exgu5fnp.exe
    C:\WINDOWS\uolbize1.exe
    C:\WINDOWS\xok50xor.exe
    C:\WINDOWS\pdohwrbk.exe
    C:\WINDOWS\74ozbiaj.exe
    C:\WINDOWS\tbbnnxh8.exe
    C:\WINDOWS\jx3emlxu.exe
    C:\WINDOWS\8zhu5lle.exe
    C:\WINDOWS\a80vi7jt.exe
    C:\WINDOWS\d2l22u17.exe
    C:\WINDOWS\fr0an0qe.exe


    4/14/04 9:35:04 PM
    No Smaller Files Found

    4/14/04 9:35:11 PM
    No Larger Files Found
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Have you run Adaware and Spybot yet?
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    One more thing you can go ahead and do after you have run Adaware and Spybot.

    Click here to download LspFix

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of inetadpt.dll (and nothing else) , and move them to the "Remove" pane.
    Then click Finish.

    Now start your computer in Safe Mode and delete:

    The C:\windows\system\inetadpt.dll file

    How to start your computer in safe mode
     
  7. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    sorry it took so long- adaware took FOREVER to run :) thanks so much!! will go do the other thing now as well!
    Logfile of HijackThis v1.97.7
    Scan saved at 10:48:44 PM, on 4/14/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\TPPALDR.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...OL.COM/92671ac527/ac00krtyx_65v/ogsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R3 - Default URLSearchHook is missing
    O1 - Hosts: com
    O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Home (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - http://esupport.aol.com/engine/aolcoach.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38041.7687615741
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_US.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = charter.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
     
  8. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    hi- i am now finished with everything so far- it is running better- but i know that some things are still wrong...

    is there any way i can prevent this from happening again? could it be from the cable modem?

    thanks so much!
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You need to post another Hijack This log. We're not finished yet.
     
  10. anarmywife

    anarmywife Thread Starter

    Joined:
    Apr 18, 2003
    Messages:
    34
    sorry it took so long... i havent been able to get the computer to work in a day (kept freezing)

    Logfile of HijackThis v1.97.7
    Scan saved at 4:42:30 PM, on 4/16/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\TPPALDR.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...OL.COM/92671ac527/ac00krtyx_65v/ogsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Home (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - http://esupport.aol.com/engine/aolcoach.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38041.7687615741
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_US.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = charter.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...v/ogsearch.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

    R3 - Default URLSearchHook is missing

    O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)

    O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe

    O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe

    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab

    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_US.cab


    Restart to safe mode.

    How to start your computer in safe mode

    First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

    Now find and delete:

    The C:\WINDOWS\AEHKN.exe file
    The C:\WINDOWS\SYSTEM\MANAGE.exe file
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/220498

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice