hijack this log-fylter

fylter
Just Arrived


Joined: 07 Aug 2006
Posts: 7



Posted: Mon Aug 07, 2006 5:49 pm    Post subject: hijack this log-fylter

Ad-Aware found Adware.Look2Me, as did AVG; neither will remove it.

Logfile of HijackThis v1.99.1
Scan saved at 10:21:48 AM, on 8/7/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register6.valueactive.com/mpp_243/webolr/OCX/FlashAX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
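As an added example (not code from this thread, nor part of HijackThis itself), a small Python triage script for the kinds of entries in the log above: O15 Trusted Zone additions, O16 DPF (ActiveX) objects fetched from a bare IP address or as a raw executable, and O9 buttons whose target file is missing. The sample lines are copied from the posted log; the flagging rules are the example's own heuristics, not HijackThis output.

```python
"""Triage helper for HijackThis v1.99 logs (added example).

It parses the 'Rn'/'On' entry lines, then flags entry types that deserve a
manual look: O15 Trusted Zone entries (IE runs those sites with relaxed
security), O16 DPF objects pulled from a bare IP or as a raw .exe/.ocx, and
O9 buttons whose file is missing (orphaned entries)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the first HijackThis log posted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\\..\\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\\Program Files\\EmpirePoker\\EmpirePoker.exe (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
"""

# "O16 - <body>" or "R1 - <body>"; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
URL_RE = re.compile(r"(https?://[^\s]+)")
IPV4_HOST_RE = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?:[:/]|$)")


@dataclass
class Entry:
    kind: str   # e.g. "O15", "O16"
    body: str   # text after "Oxx - "
    raw: str    # the original line


def parse_log(text: str) -> List[Entry]:
    """Return the HijackThis entry lines; everything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Return a reason if the entry deserves a closer look, else None."""
    if entry.kind == "O15":
        # Users rarely add Trusted Zone sites themselves; each one weakens
        # IE's security for that site, so every O15 line is worth checking.
        return "Trusted Zone entry: site gets relaxed IE security settings"
    if entry.kind == "O16":
        url = URL_RE.search(entry.body)
        if url:
            u = url.group(1)
            if IPV4_HOST_RE.match(u):
                return "ActiveX object downloaded from a bare IP address"
            if u.lower().endswith((".exe", ".ocx")):
                return "ActiveX object is a raw executable rather than a .cab"
    if entry.kind == "O9" and "(file missing)" in entry.body:
        return "IE button points at a file that no longer exists (orphaned entry)"
    return None


def triage(text: str) -> List[tuple]:
    """Return (kind, reason, raw line) for every flagged entry, in log order."""
    out = []
    for e in parse_log(text):
        reason = flag(e)
        if reason:
            out.append((e.kind, reason, e.raw))
    return out


if __name__ == "__main__":
    for kind, reason, raw in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {raw}")
```

Legitimate entries (the Symantec .cab, the Yahoo start page, mstask.exe) pass through unflagged; the point is to shorten the list a human has to read, not to decide what gets fixed.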
SifuMike
SF Mod - S.M.A.R.T. Leader


Joined: 17 May 2004
Posts: 8944
Location: Vancouver (not BC) WA (not DC)


Posted: Mon Aug 07, 2006 10:22 pm    Post subject:

Hello fylter,

My name is Sifu Mike and I will be helping you.
Welcome to the SFDC Malware Removal forum!

Please download, update and run
Spybot 1.4

Fix whatever it suggests.

***************************************************

Now download the VX2 Cleaner from this page.


Be sure to follow the instructions at the site.
NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.


Run Ad-Aware SE Personal.
Click Add-Ons.
Double-click VX2 Cleaner.
Click OK to execute this tool.

If malware is found click Clean System.
When it's done click Start in Ad-Aware SE Personal.
Make sure Perform smart system scan is checked.
Click Next.

Let it clean anything it finds.

***************************************************


Please download, update and run the free A2 (A squared) anti-trojan

If malware is found, click the button "Remove Selected Malware".

Save the log file by clicking on "Save HTML-Report".

Let it delete whatever it finds.

***************************************************


Run this pc through the
Trend Micro Housecall Online virus scanner
or
Panda Scan Online virus scanner
or
BitDefender Free Online Virus Scan

Let it delete whatever it finds.

If it cannot delete it, then post the log and we will delete it manually.

***************************************************

Let's look for that Look2Me

Download this tool to your desktop.

http://downloads.subratam.org/VX2Finder9x(126).exe

To use it: VX2Finder9x
Run it by double clicking VX2Finder9x26.exe
click find VX2abetterinternet
then up near the top right click make log copy paste that back here please
exit notepad and VX2Finder9x also


***************************************************

Next, reboot, post a fresh HijackThis log and the output of VX2Finder, and tell me how your computer is running.
If it is still here, we will use the "big hammer".
fylter
Just Arrived


Joined: 07 Aug 2006
Posts: 7



Posted: Tue Aug 08, 2006 2:06 am    Post subject: OK, I did everything... might need that big hammer!!!

Here's my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:10 PM, on 8/7/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register6.valueactive.com/mpp_243/webolr/OCX/FlashAX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

Here's my A2 scan:

a-squared Free - Version 2.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 8/7/06 5:55:15 PM

Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} detected: Trace.Registry.FunWebProducts
Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com detected: Trace.Registry.Mirar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToolbar
C:\WINDOWS\downloaded program files\f3initialsetup1.0.0.15.inf detected: Trace.File.MyWebSearchToolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearchToolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearchToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearchToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearchToolbar
C:\WINDOWS\Cookies\coreyg@doubleclick[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count3.exitexchange[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@advertising[2].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@tribalfusion[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count.exitexchange[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@mediaplex[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count1.exitexchange[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count2.exitexchange[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@atdmt[2].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@questionmarket[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@burstnet[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@ercva[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@com[1].txt detected: Trace.TrackingCookie
C:\WINDOWS\SYSTEM\IFONLIB.DLL detected: Adware.Win32.Look2Me.ap
C:\WINDOWS\SYSTEM\mxilau32.dll detected: Adware.Win32.Look2Me.ap
C:\WINDOWS\SYSTEM\IYM10EXT.DLL detected: Adware.Win32.Look2Me.ap
C:\WINDOWS\Temporary Internet Files\Content.IE5\DJV1BHJC\rmtag2[1].js detected: Trojan-Clicker.JS.Tagem.a

Scanned

Files: 17874
Traces: 63428
Cookies: 116
Processes: 15

Found

Files: 4
Traces: 25
Cookies: 13
Processes: 0
Registry keys: 0

Scan end: 8/7/06 6:27:34 PM
Scan time: 12:32:19 AM

C:\WINDOWS\Temporary Internet Files\Content.IE5\DJV1BHJC\rmtag2[1].js Deleted Trojan-Clicker.JS.Tagem.a
C:\WINDOWS\SYSTEM\IFONLIB.DLL Deleted Adware.Win32.Look2Me.ap
C:\WINDOWS\SYSTEM\mxilau32.dll Deleted Adware.Win32.Look2Me.ap
C:\WINDOWS\SYSTEM\IYM10EXT.DLL Deleted Adware.Win32.Look2Me.ap
C:\WINDOWS\Cookies\coreyg@doubleclick[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count3.exitexchange[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@advertising[2].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@tribalfusion[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count.exitexchange[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@mediaplex[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count1.exitexchange[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@count2.exitexchange[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@atdmt[2].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@questionmarket[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@burstnet[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@ercva[1].txt Deleted Trace.TrackingCookie
C:\WINDOWS\Cookies\coreyg@com[1].txt Deleted Trace.TrackingCookie
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Deleted Trace.Registry.MyWebSearchToolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Deleted Trace.Registry.MyWebSearchToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Deleted Trace.Registry.MyWebSearchToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Deleted Trace.Registry.MyWebSearchToolbar
C:\WINDOWS\downloaded program files\f3initialsetup1.0.0.15.inf Deleted Trace.File.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin Deleted Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin Deleted Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com Deleted Trace.Registry.Mirar
Key: HKEY_CURRENT_USER\software\kazaa Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 Deleted Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet Deleted Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir Deleted Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa Deleted Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport Deleted Trace.Registry.KaZaA
Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} Deleted Trace.Registry.FunWebProducts

Deleted

Files: 4
Traces: 25
Cookies: 13

And my VX2 scan:

Log for VX2.BetterInternet File Finder

Files Found---


User Agent String---
{E3F18A85-BF91-B54E-A0B0-57F6876962D3}
PLEASEEEEE HELP


Last edited by fylter on Tue Aug 08, 2006 2:39 am; edited 1 time in total
fylter
Just Arrived

Joined: 07 Aug 2006
Posts: 7

PostPosted: Tue Aug 08, 2006 2:28 am    Post subject: one more hjthis log with no hidden files

Logfile of HijackThis v1.99.1
Scan saved at 8:24:21 PM, on 8/7/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register6.valueactive.com/mpp_243/webolr/OCX/FlashAX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
SifuMike
SF Mod - S.M.A.R.T. Leader

Joined: 17 May 2004
Posts: 8944
Location: Vancouver (not BC) WA (not DC)

PostPosted: Tue Aug 08, 2006 5:28 am

Hello fylter,


I am not seeing an antivirus in your log! Without one you will get infected in minutes (as you have found out).

I recommend you download the free
AntiVir or
AVG antivirus or
Avast

******************

Your log is not showing much and I am not seeing the bad files, so we have to dig deeper.


Next click here:
http://www.downloads.subratam.org/DllCompare.exe to download DLLCompare.zip

Save it to your desktop.

******************


Now run DllCompare and click on the RunLocate.com button.

It will scan for the hidden files.

When it is finished, you will see in blue "Completed the scan, Click Compare to Continue", at which time you will click the Compare button.

It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.

In a few minutes it will complete, then you will see in blue "Completed".

Click the Make a Log of what was Found button. It will ask if you want to view the logfile.

Click Yes then copy and paste that log in your next reply.

******************


Download Findit98.zip from here:

http://www.thatcomputerguy.us/downloads/findit98.zip

Unzip to desktop and run find.bat inside.

It will scan for a few seconds and a log should pop up.
Please copy and paste entire log contents here.
fylter
Just Arrived

Joined: 07 Aug 2006
Posts: 7

PostPosted: Tue Aug 08, 2006 1:25 pm    Post subject: i did a scan with....

I did a scan called l2m9xfix.exe; after extracting the files I ran runthis.bat... seems to have worked... no pop-ups... here's the scan and a new HijackThis log. I do have AVG Free Edition running, by the way.

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\CNCFG32.DLL
C:\WINDOWS\system\DCRAWEX.DLL
C:\WINDOWS\system\dhmstor.dll
C:\WINDOWS\system\DUWSOCK.DLL
C:\WINDOWS\system\IJM10EXT.DLL
C:\WINDOWS\system\MDVCRT40.DLL
C:\WINDOWS\system\MGCD30.DLL
C:\WINDOWS\system\MNR.DLL
C:\WINDOWS\system\MVOSS.DLL
C:\WINDOWS\system\NSSWAN16.DLL
C:\WINDOWS\system\WE2HELP.DLL
C:\WINDOWS\system\WN2THK.DLL
C:\WINDOWS\system\wtsdmod.dll

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{E49AF500-23A8-11DB-81C2-0002E3166631}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\CNCFG32.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E3F18A85-BF91-B54E-A0B0-57F6876962D3}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!



HJTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:01 AM, on 8/8/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register6.valueactive.com/mpp_243/webolr/OCX/FlashAX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
SifuMike
SF Mod - S.M.A.R.T. Leader

Joined: 17 May 2004
Posts: 8944
Location: Vancouver (not BC) WA (not DC)

PostPosted: Tue Aug 08, 2006 8:03 pm

Hello fylter,

Quote:
i did a scan called l2m9xfix.exe after extracting files i ran runthis.bat.......seems to have worked....no pop ups


Are you working with another forum on this?


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal Mode select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix".

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS

If you did not add or want EmpirePoker, Absolute Poker, PartyPoker then fix them.

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk



O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register6.valueactive.com/mpp_243/webolr/OCX/FlashAX.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.
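As an added illustration, not part of the thread and not HijackThis's own code, here is a small Python triage pass over HJT log lines in the format posted above. It applies three of the checks the fix list in this post relies on: entries whose target file is "(file missing)" (orphaned buttons/menu items), O16 ActiveX downloads served from a bare IP address, and entries whose URL host is on a review list. The review list (seeded only with mywebsearch.com, the host in the O8 line above) and the sample lines (copied from the logs in this thread) are assumptions for the demo; a real triage list would be far longer.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional
from urllib.parse import urlparse

# Sample input: HijackThis 1.99.1 lines copied from the logs in this thread
# (constructed subset for the demo, not a full log).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\\..\\Run: [LoadQM] loadqm.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZRxdm479YYUS
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\\Program Files\\EmpirePoker\\EmpirePoker.exe (file missing)
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
"""

# Assumption: hosts a helper has already decided should be fixed. Seeded with the
# one the moderator flagged in this thread; a real list would be much longer.
REVIEW_HOSTS = {"mywebsearch.com"}

# HJT sections are R0-R3, F0-F3, N1-N4, O1-O24: "<section> - <body>".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
MISSING_MARKER = "(file missing)"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _host_of(url: str) -> Optional[str]:
    try:
        return urlparse(url).hostname
    except ValueError:
        return None


def _is_ip_literal(host: str) -> bool:
    """True when the URL host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _host_matches(host: str, suffixes: set) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def triage(log_text: str) -> List[Finding]:
    """Parse HJT lines and return the entries a helper would want to look at."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, "Running processes:" paths, blanks
        section, body = m.group("section"), m.group("body")
        if MISSING_MARKER in body:
            findings.append(Finding(section, "orphaned entry: target file is missing", line))
        for url in URL_RE.findall(body):
            host = _host_of(url)
            if not host:
                continue
            if section == "O16" and _is_ip_literal(host):
                findings.append(Finding(section, "ActiveX control served from a bare IP address", line))
            elif _host_matches(host, REVIEW_HOSTS):
                findings.append(Finding(section, f"host {host} is on the review list", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the O8 mywebsearch item, the orphaned EmpirePoker button and the PopupSh control on a raw IP are reported; the Yahoo start page, the LoadQM run key and the Symantec scanner control are left alone, which matches what the moderator asked the poster to fix above.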
fylter
Just Arrived

Joined: 07 Aug 2006
Posts: 7

PostPosted: Tue Aug 08, 2006 9:37 pm    Post subject: cc cleaner has been run...new hjthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:33:07 PM, on 8/8/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/images/PopupSh.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
SifuMike
SF Mod - S.M.A.R.T. Leader

Joined: 17 May 2004
Posts: 8944
Location: Vancouver (not BC) WA (not DC)

PostPosted: Tue Aug 08, 2006 9:51 pm

Quote:
i did a scan called l2m9xfix.exe after extracting files i ran runthis.bat.......seems to have worked....no pop ups


Are you working with another forum on this?
fylter
Just Arrived

Joined: 07 Aug 2006
Posts: 7

PostPosted: Tue Aug 08, 2006 10:00 pm    Post subject: re: another forum

Yes, I posted the same problem on G4's (Tech TV's) website, as I had not had a response on this forum yet.
SifuMike
SF Mod - S.M.A.R.T. Leader

Joined: 17 May 2004
Posts: 8944
Location: Vancouver (not BC) WA (not DC)

PostPosted: Tue Aug 08, 2006 10:38 pm

You are already receiving help at http://forums.g4tv.com/messageview.cfm?catid=64&threadid=627564&FTVAR_MSGDBTABLE=

Helpers on all the HJT forums at either site are very busy, and by double posting you take help away from others that need it.

I'm closing this post, and advise you to stick with the advice you are being given there.
All times are GMT + 2 Hours