Slowdowns and Inability to finish running Ad-Aware
#1
Hello all:
I am trying to get a poor pitiful Windows 98 SE computer working properly again. The thing is spyware infested (I think). I've installed and run Spybot with all the recent updates. I've also run Ad-Aware with recent updates, but it hangs every single time I try to run it. It stops at 78708 files scanned. I've tried running it in Safe Mode and not running it in Safe Mode. I've removed all that I can with Spybot. AVG (with all recent updates) says that I have no viruses. Can you get me through this log from HijackThis?

Logfile of HijackThis v1.99.1
Scan saved at 3:18:03 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTATKEEP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\DESKTOP WEATHER\DESKTOPWEATHER_835031.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\INTERCOM.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iowatelecom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: run=CSETUO.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AutoLoaderqsoG1ZITKKXM] "C:\WINDOWS\SYSTEM\IPRON2VB.EXE"
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKCU\..\Run: [Game_Piece_Tracker] C:\PROGRAM FILES\GAME_PIECE_TRACKER\GAME_PIECE_TRACKER.EXE
O4 - HKCU\..\Run: [Jurassic_Passport] C:\PROGRAM FILES\JURASSIC_PASSPORT\JURASSIC_PASSPORT.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_835031.exe
O4 - Startup: MySoftware InterCom.lnk = C:\Program Files\Common Files\MySoftware\InterCom.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://www.ringingphone.com/
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} - http://www.ringingphone.com/
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/f...outLauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.248.64.20,216.248.64.21
#2
First thing is to go to add/remove programs, select newdotnet and remove. If that is not present in add/remove programs then download and run this uninstaller http://www.spyware911.net/downloads/newdot...20uninstall.exe
Now let's rescan once again now with hijack, insert a check next to each of the following, close all other open browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab

Now set the system to show hidden files and folders http://www.spyware911.net/forum/index.php?...ge&pg=showfiles

Reboot into safe mode

Locate then right click and delete:
C:\PROGRAM FILES\WINDOWS ADSTATUS
C:\PROGRAM FILES\CXTPLS

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin

Reboot, try rescanning again now with adaware, clean up anything it finds.
Then rescan with hijack, post a fresh log please.
#3
Thanks! I followed your advice and the computer starts up much more quickly than before. Unfortunately, Ad-Aware still can't get through a scan. It finds 165 problems before stopping. Clicking cancel gives me a list of 0 files however.
My updated HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:18:51 PM, on 3/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
C:\PROGRAM FILES\DESKTOP WEATHER\DESKTOPWEATHER_835031.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\INTERCOM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iowatelecom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=CSETUO.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AutoLoaderqsoG1ZITKKXM] "C:\WINDOWS\SYSTEM\IPRON2VB.EXE"
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKCU\..\Run: [Game_Piece_Tracker] C:\PROGRAM FILES\GAME_PIECE_TRACKER\GAME_PIECE_TRACKER.EXE
O4 - HKCU\..\Run: [Jurassic_Passport] C:\PROGRAM FILES\JURASSIC_PASSPORT\JURASSIC_PASSPORT.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_835031.exe
O4 - Startup: MySoftware InterCom.lnk = C:\Program Files\Common Files\MySoftware\InterCom.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://www.ringingphone.com/
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} - http://www.ringingphone.com/
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/f...outLauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.248.64.20,216.248.64.21
#4
Rescan once again now with hijack, insert a check next to each of the following then close all other open browser windows and click "fix checked"

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O4 - HKLM\..\Run: [AutoLoaderqsoG1ZITKKXM] "C:\WINDOWS\SYSTEM\IPRON2VB.EXE"

Then Download TDS-3 trojan scanner from http://tds.diamondcs.com.au/index.php?page=download

Then you will need to manually update it so follow the instructions given here http://tds.diamondcs.com.au/index.php?page=update

Now open the program, pause until it's finished its mini test then click system testing / full scan

If anything is found, right click and select delete to each when the scan completes itself.

Reboot then retry adaware.
#5
Still no luck with Ad-Aware. TDS-3 found a few things that I deleted.
Updated log:

Logfile of HijackThis v1.99.1
Scan saved at 7:35:52 AM, on 3/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
C:\PROGRAM FILES\DESKTOP WEATHER\DESKTOPWEATHER_835031.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\INTERCOM.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iowatelecom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=CSETUO.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKCU\..\Run: [Game_Piece_Tracker] C:\PROGRAM FILES\GAME_PIECE_TRACKER\GAME_PIECE_TRACKER.EXE
O4 - HKCU\..\Run: [Jurassic_Passport] C:\PROGRAM FILES\JURASSIC_PASSPORT\JURASSIC_PASSPORT.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_835031.exe
O4 - Startup: MySoftware InterCom.lnk = C:\Program Files\Common Files\MySoftware\InterCom.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://www.ringingphone.com/
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} - http://www.ringingphone.com/
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/f...outLauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.248.64.20,216.248.64.21
#6
Download: Registrar Lite (freeware)
http://www.resplendence.com/reglite

* Run HijackThis and produce a log.
* Start Registrar Lite
* Copy and paste the CLSID (that is the long numbers in red) into the top address bar in Registrar Lite.
* Click the Go button (upper right)
* Once located, right-click and select: Properties
* Click Permissions, Click the Advanced button

Place a checkmark next to the following: "Inherit from parent the permission entries that apply to child objects..."
Click OK, Click Ok, Delete the key

Do for each of the keys below

4A2AACF3-ADF6-11D5-98A9-00E018981B9E
016235BE-59D4-4CEB-ADD5-E2378282A1D9
00000010-6F7D-442C-93E3-4A4827C2E4C8
1D7E3B41-23CE-469B-BE1B-A64B877923E1
F4E04583-354E-4076-BE7D-ED6A80FD66DA
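
The five CLSIDs above can be followed through the three HijackThis logs posted so far to see whether each BHO entry is gone, still points at a file, or is left behind as a "(no file)" entry. This is an added example, not part of the original thread: `parse_log` and `track` are names made up here, and the sample text is excerpted from the 3/20, 3/21 and 3/22 logs above (the first one flattened onto one line, as forum software often leaves it).

```python
import re

# Section codes that open a HijackThis entry: R0-R3, F0-F3, N1-N4, O1-O99.
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Entry boundary: whitespace followed by "<code> - ". Splitting here restores
# the entries even when the log has been flattened onto a single line.
_SPLIT = re.compile(r"\s+(?=" + _CODE + r"\s?- )")
_ENTRY = re.compile(r"^(" + _CODE + r")\s?- (.*)$", re.S)
_CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

# Excerpt of the 3/20 log from this thread, flattened (most entries trimmed).
SCAN_0320 = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 3:18:03 PM, on 3/20/05 "
    r"Running processes: C:\HIJACKTHIS\HIJACKTHIS.EXE "
    r"R3 - Default URLSearchHook is missing F1 - win.ini: run=CSETUO.exe "
    r"O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll "
    r"O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL "
    r"O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) "
    r"O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file) "
    r"O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file) "
    r'O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"'
)

# O2 entries of the 3/21 log from this thread, one entry per line.
SCAN_0321 = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
"""

# O2 entries of the 3/22 (7:35 AM) log from this thread.
SCAN_0322 = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
"""

# The five keys listed in the post above.
FIXED = [
    "4A2AACF3-ADF6-11D5-98A9-00E018981B9E",
    "016235BE-59D4-4CEB-ADD5-E2378282A1D9",
    "00000010-6F7D-442C-93E3-4A4827C2E4C8",
    "1D7E3B41-23CE-469B-BE1B-A64B877923E1",
    "F4E04583-354E-4076-BE7D-ED6A80FD66DA",
]


def parse_log(text):
    """Return the entries of a HijackThis log as a list of dicts.

    Works on a normal one-entry-per-line log and on a flattened one.
    The header and the "Running processes" block are skipped.
    """
    entries = []
    for chunk in _SPLIT.split(text.strip()):
        m = _ENTRY.match(chunk.strip())
        if not m:
            continue  # header text or process list, not an entry
        body = " ".join(m.group(2).split())  # normalise internal whitespace
        clsid = _CLSID.search(body)
        entries.append({
            "code": m.group(1),
            "body": body,
            "clsid": clsid.group(1).upper() if clsid else None,
            "no_file": body.endswith("(no file)"),
        })
    return entries


def track(scans, clsids, code="O2"):
    """Map each CLSID to its state in every scan, in scan order.

    States: "file" (entry points at a file), "no file" (registry entry
    remains but HijackThis found no file behind it), "absent" (entry gone).
    """
    wanted = [c.strip("{}").upper() for c in clsids]
    timeline = {c: [] for c in wanted}
    for text in scans:
        seen = {e["clsid"]: e for e in parse_log(text)
                if e["code"] == code and e["clsid"]}
        for c in wanted:
            e = seen.get(c)
            if e is None:
                timeline[c].append("absent")
            else:
                timeline[c].append("no file" if e["no_file"] else "file")
    return timeline


if __name__ == "__main__":
    for clsid, states in track([SCAN_0320, SCAN_0321, SCAN_0322], FIXED).items():
        print(clsid, " -> ".join(states))
```

An entry that goes from "file" to "no file" but never reaches "absent" means the DLL was removed while the registry key stayed or was recreated, so a later log still lists it.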
#7
I followed those instructions. As I am running 98SE on that computer, I do not have a permissions tab (the help file states that this feature is available only on 2000/XP). Nevertheless, I deleted all five of those keys. And ran Ad-Aware... Still hanging up. Rebooted: tried again. Didn't work. Checked for those keys, they were back. Rebooted into safe mode: deleted them. Rebooted back into safe mode: keys were still gone. Tried to run Ad-Aware, it hung in the same place. Rebooted normally, the keys have returned although the values are not set.
Thanks for your help and patience. Sigh...

Logfile of HijackThis v1.99.1
Scan saved at 10:44:31 PM, on 3/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\CIJ3P2PS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
C:\PROGRAM FILES\DESKTOP WEATHER\DESKTOPWEATHER_835031.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\INTERCOM.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iowatelecom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=CSETUO.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CIJ3P2PSERVER] CIJ3P2PS.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKCU\..\Run: [Game_Piece_Tracker] C:\PROGRAM FILES\GAME_PIECE_TRACKER\GAME_PIECE_TRACKER.EXE
O4 - HKCU\..\Run: [Jurassic_Passport] C:\PROGRAM FILES\JURASSIC_PASSPORT\JURASSIC_PASSPORT.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_835031.exe
O4 - Startup: MySoftware InterCom.lnk = C:\Program Files\Common Files\MySoftware\InterCom.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (file missing)
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://www.ringingphone.com/
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} - http://www.ringingphone.com/
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/games/f...outLauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iowatelecom.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.248.64.20,216.248.64.21
|
#8
Try opening Registrar Lite again and this time in the left pane click
HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ then look for each of the following:

4A2AACF3-ADF6-11D5-98A9-00E018981B9E
016235BE-59D4-4CEB-ADD5-E2378282A1D9
00000010-6F7D-442C-93E3-4A4827C2E4C8
1D7E3B41-23CE-469B-BE1B-A64B877923E1
F4E04583-354E-4076-BE7D-ED6A80FD66DA

Delete each as it is found.

Now reopen hijack, check all of those entries if present, then click "fix checked", then reboot again and try it.
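Editor's added example, not part of any post in this thread: a small Python parser that pulls the orphaned `O2 - BHO ... (no file)` entries out of a HijackThis log, including one flattened onto a single line as in the post above, and lists the registry keys to check for each CLSID. The function names are hypothetical; the Browser Helper Objects key is where HijackThis reads O2 entries from, and the Classes\CLSID key is the one named in the post above.

```python
import re

# Constructed sample: entries copied from the log in this thread, run
# together on one line the way the forum software flattened them.
SAMPLE_LOG = (
    "F1 - win.ini: run=CSETUO.exe "
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - "
    r"C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL "
    "O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file) "
    "O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file) "
    "O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - "
    r"C:\WINDOWS\SYSTEM\MSDXM.OCX"
)

# An entry begins with a section code (R0-R3, F0-F3, O1-O23) and " - ",
# at the start of the text or right after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
BHO_ENTRY = re.compile(r"O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)", re.S)

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"

def split_entries(text):
    """Split a log body into entries, whether or not line breaks survived."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    return [text[a:b].strip() for a, b in zip(starts, ends)]

def orphaned_bhos(text):
    """Return CLSIDs of BHO entries whose DLL is reported as '(no file)'."""
    found = []
    for entry in split_entries(text):
        m = BHO_ENTRY.match(entry)
        if m and m.group(2).strip() == "(no file)":
            found.append(m.group(1).upper())
    return found

def registry_paths(clsid):
    """Both places a BHO's CLSID can be registered."""
    return [BHO_KEY + "\\" + clsid, CLSID_KEY + "\\" + clsid]

if __name__ == "__main__":
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print(clsid)
        for path in registry_paths(clsid):
            print("   check:", path)
```
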
|
#9
Done. The keys were not listed under the CLSID tree. I fixed them with HijackThis. I'm now running Ad-Aware. Assuming it doesn't work, what's the next step?
|
|
#10
I have an alternate plan in place should that not do the trick but I have to step out for an hour or so in the meantime should that not work.