.ink problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

scatc2

Thread Starter
Joined
Mar 30, 2004
Messages
3
Every time I turn my computer on I receive a message telling me that I'm missing a shortcut to MORZE5.ink. I ran HijackThis and here is what came up. Can you tell me what to do from this point to remedy my problem? Thank you.


Scan saved at 11:19:02 PM, on 3/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\R1JB61GF.EXE
C:\PALTALK\PNETAWARE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\JOHNNYBRAVO1022\RECEIVE\HIJACKTHIS.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://itseasy.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://itseasy.us/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourbookmarks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://itseasy.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://itseasy.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.boredlife.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRAM FILES\LYCOS\IEAGENT\CSIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [rirod] C:\WINDOWS\rirod.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\Run: [R1JB61GF.EXE] C:\WINDOWS\R1JB61GF.EXE /dk
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [R1JB61GF.EXE] C:\WINDOWS\R1JB61GF.EXE /dk
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [R1JB61GF.EXE] C:\WINDOWS\R1JB61GF.EXE /dk
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Global Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Global Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Global Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Global Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Global Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Global Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Global Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Global Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Global Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Global Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.coolwwwsearch.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.507662037
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: ConferenceRoom Java Client - http://www.camzchat.com:8000/java/cr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25334243f512af76f218/netzip/RdxIE601.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
 
Joined
Mar 12, 2002
Messages
5,520
Well...

First go here: SpyBot. Download and install Spybot; once installed, open it and click on "Check for updates". Once updates are installed, close all browsers, click on "Check for problems", and let it fix all in red, then reboot the PC...

And then repost a new hijack log...
 

scatc2

Thread Starter
Joined
Mar 30, 2004
Messages
3
I updated Spybot and here is the log that I got from HijackThis after re-running it... can you please help??


Scan saved at 8:41:34 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\WINDOWS\BFQY86QH.EXE
C:\PALTALK\PNETAWARE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\MSBB.EXE
C:\MY DOCUMENTS\JOHNNYBRAVO1022\RECEIVE\HIJACKTHIS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://itseasy.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://itseasy.us/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourbookmarks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://itseasy.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://itseasy.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.boredlife.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRAM FILES\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [rirod] C:\WINDOWS\rirod.exe
O4 - HKLM\..\Run: [BFQY86QH.EXE] C:\WINDOWS\BFQY86QH.EXE /dk
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [BFQY86QH.EXE] C:\WINDOWS\BFQY86QH.EXE /dk
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Startup: BFQY86QH.lnk = C:\WINDOWS\bfqy86qh.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Global Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Global Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Global Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Global Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Global Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Global Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Global Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Global Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Global Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Global Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Global Startup: BFQY86QH.lnk = C:\WINDOWS\bfqy86qh.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.coolwwwsearch.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.507662037
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: ConferenceRoom Java Client - http://www.camzchat.com:8000/java/cr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25334243f512af76f218/netzip/RdxIE601.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
 

scatc2

Thread Starter
Joined
Mar 30, 2004
Messages
3
Here is the log after softpedia.

Logfile of HijackThis v1.97.7
Scan saved at 9:18:28 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\BFQY86QH.EXE
C:\PALTALK\PNETAWARE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\MSBB.EXE
C:\MY DOCUMENTS\JOHNNYBRAVO1022\RECEIVE\HIJACKTHIS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50039
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\CALSDR.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRAM FILES\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [rirod] C:\WINDOWS\rirod.exe
O4 - HKLM\..\Run: [BFQY86QH.EXE] C:\WINDOWS\BFQY86QH.EXE /dk
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [BFQY86QH.EXE] C:\WINDOWS\BFQY86QH.EXE /dk
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Startup: BFQY86QH.lnk = C:\WINDOWS\bfqy86qh.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Global Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Global Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Global Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Global Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Global Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Global Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Global Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Global Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Global Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Global Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Global Startup: BFQY86QH.lnk = C:\WINDOWS\bfqy86qh.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37594.507662037
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: ConferenceRoom Java Client - http://www.camzchat.com:8000/java/cr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25334243f512af76f218/netzip/RdxIE601.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab
 
Joined
Mar 12, 2002
Messages
5,520
Well...

I'm not the best at reading these logs...

but you can get rid of these...

O4 - HKCU\..\Run: [BFQY86QH.EXE] C:\WINDOWS\BFQY86QH.EXE /dk
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe
O4 - Startup: BFQY86QH.lnk = C:\WINDOWS\bfqy86qh.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 65JEEZBL.lnk = C:\WINDOWS\65jeezbl.exe
O4 - Global Startup: LO0RD2I5.lnk = C:\WINDOWS\lo0rd2i5.exe
O4 - Global Startup: NPVYWAN2.lnk = C:\WINDOWS\npvywan2.exe
O4 - Global Startup: 01AXYOKR.lnk = C:\WINDOWS\01axyokr.exe
O4 - Global Startup: VDMN0OCF.lnk = C:\WINDOWS\vdmn0ocf.exe
O4 - Global Startup: FGE202QJ.lnk = C:\WINDOWS\fge202qj.exe
O4 - Global Startup: GWFY4GMM.lnk = C:\WINDOWS\gwfy4gmm.exe
O4 - Global Startup: 3MQI77Q5.lnk = C:\WINDOWS\3mqi77q5.exe
O4 - Global Startup: XIO2OB4O.lnk = C:\WINDOWS\xio2ob4o.exe
O4 - Global Startup: T7LVM4NX.lnk = C:\WINDOWS\t7lvm4nx.exe
O4 - Global Startup: R1JB61GF.lnk = C:\WINDOWS\r1jb61gf.exe


Just run HijackThis, click Scan, put a check on all of the above, and click the "Fix checked" button. Then reboot...

Then repost the log...
 
Joined
Mar 9, 2003
Messages
4,699
After running HJT and checking and fixing all of the above, reboot into Safe Mode and delete the following files that are bolded:

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

C:\WINDOWS\morze5.exe
C:\WINDOWS\65jeezbl.exe
C:\WINDOWS\lo0rd2i5.exe
C:\WINDOWS\npvywan2.exe
C:\WINDOWS\01axyokr.exe
C:\WINDOWS\vdmn0ocf.exe
C:\WINDOWS\fge202qj.exe
C:\WINDOWS\gwfy4gmm.exe
C:\WINDOWS\3mqi77q5.exe
C:\WINDOWS\xio2ob4o.exe
C:\WINDOWS\t7lvm4nx.exe
C:\WINDOWS\r1jb61gf.exe
C:\WINDOWS\bfqy86qh.exe
 
Joined
Mar 9, 2003
Messages
4,699
Jedi, this is the latest nasty. I think we are going to be seeing a lot of it until it runs its course.
 