1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] Quick check of HJT log please

Discussion in 'Virus & Other Malware Removal' started by Infidel_Kastro, Apr 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    As I said in a previous log, infected my machine by clicking on a url from another hjt log that I was looking at (dead puppie thread). Anyway, everything loaded onto my machine in less than 15 seconds, including 2 trojans. AVG got most of it, went ahead and ran the peper uninstaller, even though I don't know if I had it, but looking at another of my computers and seeing Derek's fix for it, it made sense. Here's my new log for MY machine. Theres stiull some n-case stuff, but I thought I had removed the program files and uninstalled it, will await suggestions.
    God, I am beginning to hate Fridays.
    Andrew
    Logfile of HijackThis v1.97.7
    Scan saved at 9:21:32 AM, on 4/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\STUTFIX.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\INTROREG\PIPELINE\REMIND32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\N-CASE\MSBB.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\4RE1IPKH\HIJACKTHIS[1].EXE
    C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Essdc] essdc.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
    O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
    O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [otwzwp] C:\WINDOWS\otwzwp.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Reminder-cpq40301.lnk = C:\Program Files\INTROREG\PIPELINE\REMIND32.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38065.406087963
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab
     
  2. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    Spybot is waiting for a reboot in order to fix whatever it couldn't on it's initial run, so if you could do that & move HJT into it's own permanent folder & repost a fresh log?
     
  3. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    You are not having a good day ... :(
     
  4. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    OK, ran adaware and the only thing that was there were some cookies. Ran spybot, it found some residual stuff and removed that, no messages that said it would have to do it on reboot. I am going to post my HJT log to see if anything doesn't belong.
    Andrew
    Logfile of HijackThis v1.97.7
    Scan saved at 11:05:39 AM, on 4/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\STUTFIX.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\PROGRAM FILES\INTROREG\PIPELINE\REMIND32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Essdc] essdc.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
    O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
    O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [otwzwp] C:\WINDOWS\otwzwp.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Reminder-cpq40301.lnk = C:\Program Files\INTROREG\PIPELINE\REMIND32.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38065.406087963
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab
     
  5. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    bumpity bump bump bump
     
  6. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Have HJT fix these:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about :blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (file missing)
    O4 - HKLM\..\Run: [otwzwp] C:\WINDOWS\otwzwp.exe


    Restart the computer ...

    Aren't you glad it's Friday? ;)
     
  7. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    All right, removed everything from the HJT log. Now, on my desktop there are a bunch of files marked "backup". I opened one and put in into a notepad doc. and its someof the files I deleted from the HJT log. I am going to assume that it is HJT making backups in case you delete the wrong thing, I have never seen it before. The only thing left is in my add/remove. There is something called "TP HTTP". I have never seen that there before. any guesses.
    Thank God Friday is almost over. Once this machine is clean, 2 left.
    Andrew
     
  8. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    Yep, that's the reason all right. You can delete the backups when you are certain everything is back to "normal" ...
     
  9. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Will TP HTTP uninstall via add/remove?
     
  10. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    I removed it from add/remove, and I also restarted the machine. Not there, so I am going to assume that my machine is CLEAN!!!!!!
    Thank You.
    Does this mean I need to post a final HJT log?
     
  11. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Sure, why not ... let's play it safe ...
     
  12. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    Logfile of HijackThis v1.97.7
    Scan saved at 4:01:29 PM, on 4/2/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\STUTFIX.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\PROGRAM FILES\INTROREG\PIPELINE\REMIND32.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Essdc] essdc.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
    O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
    O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: BackWeb.LNK = C:\CPQS\BackWeb\Program\UserProf.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Reminder-cpq40301.lnk = C:\Program Files\INTROREG\PIPELINE\REMIND32.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38065.406087963
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab
     
  13. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Looks OK to me ...
     
  14. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    YEAH!!!! I'll tell the mods to close it.
     
  15. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/216811

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice