
HELP!!! HJT log for review

Discussion in 'Virus & Other Malware Removal' started by SuzanS, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    My son's computer is really messed up; will you get me started on clean up? I already ran Spybot and Ad-Aware 6.

    Thanks, Suzan


    Logfile of HijackThis v1.97.6
    Scan saved at 7:39:08 PM, on 4/17/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SNCOXCUIL.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\WINDOWS\WAST.EXE
    C:\WINDOWS\TEMP\WZGYFI.EXE
    C:\WINDOWS\TEMP\A49BUU.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TEMP\YLYU.EXE
    C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\WINDOWS\APPLICATION DATA\SEUR.EXE
    C:\WINDOWS\SYSTEM\WNSTSSV.EXE
    C:\PROGRAM FILES\EZULA\MMOD.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
    C:\WINDOWS\SYSTEM\LVFN.EXE
    C:\WINDOWS\SYSTEM\SOA8P.EXE
    C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://defaultsearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defaultsearching.com
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {61B9B07D-2B62-4C12-8A01-6530F5F7F3F9} - C:\WINDOWS\PSTFGEBN.DLL
    O2 - BHO: (no name) - {21ACB0DB-2380-4AF5-9DF4-2FFF43706BCD} - C:\WINDOWS\MYGDGD.DLL
    O2 - BHO: (no name) - {0066B2B4-5787-4D4A-82D3-D5492CB1DCAE} - C:\WINDOWS\EDWR.DLL
    O2 - BHO: (no name) - {14CAAADB-6C59-448C-99B8-B7FE923DBCA4} - C:\WINDOWS\OHIP.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [@prostus-htm] RunDll32 UDConn.dll,RunAsIcon @prostus
    O4 - HKLM\..\Run: [barcdy] C:\WINDOWS\sncoxcuil.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [WZGYFI] C:\WINDOWS\TEMP\WZGYFI.EXE
    O4 - HKLM\..\Run: [A49BUU] C:\WINDOWS\TEMP\A49BUU.EXE
    O4 - HKLM\..\Run: [pivil] C:\WINDOWS\pivil.exe
    O4 - HKLM\..\Run: [YLYU] C:\WINDOWS\TEMP\YLYU.EXE
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [ydqdsp] C:\WINDOWS\ydqdsp.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    O4 - HKLM\..\Run: [524JE6F2WSER6Z] C:\WINDOWS\SYSTEM\Xej7.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [aquicken] C:\WINDOWS\waol.exe
    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE
    O4 - HKCU\..\Run: [Lssr] C:\WINDOWS\Application Data\seur.exe
    O4 - HKCU\..\Run: [WNSA] C:\WINDOWS\SYSTEM\wnstssv.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\RunOnce: [sounddrv] C:\WINDOWS\SYSTEM\SNDBDRV3104.EXE
    O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .qcp: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin8.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.1ie.cab?
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
     
  2. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    You have a couple of things there ...

    First, we need to get rid of the Peper.A infection.

    Download and run this tool (you must remain online while running it):

    http://zerosrealm.com/downloads/uninst.exe

    There'll be no window nor any dialogue ... it will just run and quit. You must restart your computer afterwards.

    Then post a fresh HJT log, and we'll move to the next step.
     
  3. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    Okay, did that - new log:

    Logfile of HijackThis v1.97.6
    Scan saved at 8:01:52 PM, on 4/17/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SNCOXCUIL.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\WINDOWS\WAST.EXE
    C:\WINDOWS\TEMP\WZGYFI.EXE
    C:\WINDOWS\TEMP\A49BUU.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TEMP\YLYU.EXE
    C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\WINDOWS\APPLICATION DATA\SEUR.EXE
    C:\WINDOWS\SYSTEM\WNSTSSV.EXE
    C:\PROGRAM FILES\EZULA\MMOD.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
    C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://defaultsearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defaultsearching.com
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {61B9B07D-2B62-4C12-8A01-6530F5F7F3F9} - C:\WINDOWS\PSTFGEBN.DLL
    O2 - BHO: (no name) - {21ACB0DB-2380-4AF5-9DF4-2FFF43706BCD} - C:\WINDOWS\MYGDGD.DLL
    O2 - BHO: (no name) - {0066B2B4-5787-4D4A-82D3-D5492CB1DCAE} - C:\WINDOWS\EDWR.DLL
    O2 - BHO: (no name) - {14CAAADB-6C59-448C-99B8-B7FE923DBCA4} - C:\WINDOWS\OHIP.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [@prostus-htm] RunDll32 UDConn.dll,RunAsIcon @prostus
    O4 - HKLM\..\Run: [barcdy] C:\WINDOWS\sncoxcuil.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [WZGYFI] C:\WINDOWS\TEMP\WZGYFI.EXE
    O4 - HKLM\..\Run: [A49BUU] C:\WINDOWS\TEMP\A49BUU.EXE
    O4 - HKLM\..\Run: [pivil] C:\WINDOWS\pivil.exe
    O4 - HKLM\..\Run: [YLYU] C:\WINDOWS\TEMP\YLYU.EXE
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [ydqdsp] C:\WINDOWS\ydqdsp.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [aquicken] C:\WINDOWS\waol.exe
    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE
    O4 - HKCU\..\Run: [Lssr] C:\WINDOWS\Application Data\seur.exe
    O4 - HKCU\..\Run: [WNSA] C:\WINDOWS\SYSTEM\wnstssv.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\RunOnce: [sounddrv] C:\WINDOWS\SYSTEM\SNDBDRV3104.EXE
    O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .qcp: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin8.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.1ie.cab?
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
     
  4. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Did you run Ad-Aware build 181, with reference file 01R296 16.04.2004?

    If not, that would save us a bunch of time here.
     
  5. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    I'll go double check and get back to you.

    Thanks!
     
  6. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    I did have the outdated Ad-Aware, and after I got the new one this is what showed up.
    Suzan


    Logfile of HijackThis v1.97.6
    Scan saved at 9:07:48 PM, on 4/17/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SNCOXCUIL.EXE
    C:\WINDOWS\WAST.EXE
    C:\WINDOWS\TEMP\WZGYFI.EXE
    C:\WINDOWS\TEMP\A49BUU.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNUPDATE.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {61B9B07D-2B62-4C12-8A01-6530F5F7F3F9} - C:\WINDOWS\PSTFGEBN.DLL
    O2 - BHO: (no name) - {21ACB0DB-2380-4AF5-9DF4-2FFF43706BCD} - C:\WINDOWS\MYGDGD.DLL
    O2 - BHO: (no name) - {0066B2B4-5787-4D4A-82D3-D5492CB1DCAE} - C:\WINDOWS\EDWR.DLL
    O2 - BHO: (no name) - {14CAAADB-6C59-448C-99B8-B7FE923DBCA4} - C:\WINDOWS\OHIP.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [@prostus-htm] RunDll32 UDConn.dll,RunAsIcon @prostus
    O4 - HKLM\..\Run: [barcdy] C:\WINDOWS\sncoxcuil.exe
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [WZGYFI] C:\WINDOWS\TEMP\WZGYFI.EXE
    O4 - HKLM\..\Run: [A49BUU] C:\WINDOWS\TEMP\A49BUU.EXE
    O4 - HKLM\..\Run: [pivil] C:\WINDOWS\pivil.exe
    O4 - HKLM\..\Run: [YLYU] C:\WINDOWS\TEMP\YLYU.EXE
    O4 - HKLM\..\Run: [ydqdsp] C:\WINDOWS\ydqdsp.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [aquicken] C:\WINDOWS\waol.exe
    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE
    O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .qcp: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin8.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.1ie.cab?
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
     
  7. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Do you recognize this item?

    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE

    Please submit the following for evaluation to: http://submit.lavahelp.com

    Simply copy/paste the following one at a time into the box that reads "Submission File". Click "Submit new or updated target". Wait for it to upload. Repeat with the next one.

    C:\WINDOWS\svchost.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\SYSTEM\DP-K13W13.EXE



    Run a remote on-line anti-virus scan from both of these:

    http://www.pandasoftware.com/activescan/

    http://housecall.trendmicro.com/

    Kill anything they find ...

    Then, run HJT again, close all open windows, put a checkmark next to the following items (some may not appear after the virus scan), and press "Fix Checked":

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {61B9B07D-2B62-4C12-8A01-6530F5F7F3F9} - C:\WINDOWS\PSTFGEBN.DLL
    O2 - BHO: (no name) - {21ACB0DB-2380-4AF5-9DF4-2FFF43706BCD} - C:\WINDOWS\MYGDGD.DLL
    O2 - BHO: (no name) - {0066B2B4-5787-4D4A-82D3-D5492CB1DCAE} - C:\WINDOWS\EDWR.DLL
    O2 - BHO: (no name) - {14CAAADB-6C59-448C-99B8-B7FE923DBCA4} - C:\WINDOWS\OHIP.DLL
    O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [@prostus-htm] RunDll32 UDConn.dll,RunAsIcon @prostus
    O4 - HKLM\..\Run: [barcdy] C:\WINDOWS\sncoxcuil.exe
    O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
    O4 - HKLM\..\Run: [WZGYFI] C:\WINDOWS\TEMP\WZGYFI.EXE
    O4 - HKLM\..\Run: [A49BUU] C:\WINDOWS\TEMP\A49BUU.EXE
    O4 - HKLM\..\Run: [pivil] C:\WINDOWS\pivil.exe
    O4 - HKLM\..\Run: [YLYU] C:\WINDOWS\TEMP\YLYU.EXE
    O4 - HKLM\..\Run: [ydqdsp] C:\WINDOWS\ydqdsp.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    O4 - HKCU\..\Run: [aquicken] C:\WINDOWS\waol.exe
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab


    Restart your computer ... and post a fresh HJT log. We'll have some manual cleanup to do if that log looks OK.

    I should think a lot of this junk came courtesy of the P2P ...
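    As an added example (not the thread's or HijackThis's own code), the following Python pass parses the R0/R1, O2, O4 and O16 line formats quoted above and flags the kinds of entries the checklist above targets; the allowlists and rules are heuristics chosen for this illustration, and the sample log is assembled from entries posted in this thread.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example, not part of the thread or of HijackThis itself. The rules
(autorun from a TEMP folder, svchost.exe outside the system folder, unnamed
BHOs loaded from the Windows root, start/search pages on unknown hosts,
ActiveX downloads from unknown hosts) are assumptions for this example.
"""
import re
from urllib.parse import urlparse

# Assumed allowlists for this example; real triage would use a maintained list.
TRUSTED_PAGE_HOSTS = {"www.msn.com", "www.microsoft.com"}
TRUSTED_DPF_HOSTS = {"download.macromedia.com", "download.games.yahoo.com",
                     "a840.g.akamai.net"}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<url>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.*?) -(?: (?P<url>\S*))?$")


def _host(url):
    """Lower-cased hostname of a URL, or '' when it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def triage_line(line):
    """Return a reason string if the line looks suspicious, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").upper()
        if "\\TEMP\\" in cmd:
            return "autorun target lives in a TEMP folder"
        # svchost.exe belongs in the system folder; a copy in the Windows
        # root is a classic name masquerade.
        if "SVCHOST.EXE" in cmd and "\\SYSTEM" not in cmd:
            return "svchost.exe outside the system folder"
        return None
    m = O2_RE.match(line)
    if m:
        path = m.group("path").upper()
        # Unnamed BHO whose DLL sits directly in C:\WINDOWS (no subfolder).
        if m.group("name") == "(no name)" and re.fullmatch(r"C:\\WINDOWS\\[^\\]+\.DLL", path):
            return "unnamed BHO loaded from the Windows root"
        return None
    m = R_RE.match(line)
    if m:
        host = _host(m.group("url"))
        if host not in TRUSTED_PAGE_HOSTS:
            return "start/search page points to %s" % host
        return None
    m = O16_RE.match(line)
    if m:
        url = m.group("url") or ""
        if not url:
            return "ActiveX object with no download URL"
        if _host(url) not in TRUSTED_DPF_HOSTS:
            return "ActiveX download from untrusted host %s" % _host(url)
        return None
    return None


def triage_log(text):
    """Return [(line, reason)] for every flagged non-blank line of an HJT log."""
    hits = []
    for raw in text.splitlines():
        if raw.strip():
            reason = triage_line(raw)
            if reason:
                hits.append((raw.strip(), reason))
    return hits


# Sample log assembled from entries posted in this thread (constructed input).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defaultsearching.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {61B9B07D-2B62-4C12-8A01-6530F5F7F3F9} - C:\WINDOWS\PSTFGEBN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [WZGYFI] C:\WINDOWS\TEMP\WZGYFI.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print("%-40s %s" % (why, entry))
```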
     
  8. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    No, we don't know what this is; my son said it just started showing up:

    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE

    This is the error message we got when trying to submit the three files:

    The file failed to upload. Here's why:
    No files were selected for uploading

    Please use your browser's back button to go back and try again.


    Will run HJT and tick the noted entries.

    Suzan
     
  9. SuzanS

    SuzanS Thread Starter

    Joined:
    Oct 30, 2003
    Messages:
    88
    New log:

    Logfile of HijackThis v1.97.6
    Scan saved at 8:31:53 AM, on 4/19/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SNCOXCUIL.EXE
    C:\WINDOWS\WAST.EXE
    C:\WINDOWS\TEMP\A49BUU.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] C:\Program Files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [HDSPlus] C:\PROGRAM FILES\HDESKSTOPPLUS\HDSTOPPLUS.EXE
    O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .qcp: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npqtplugin8.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.1ie.cab?
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
     
Short URL to this thread: https://techguy.org/221412
