aprguy Posted May 12, 2005 Report Share Posted May 12, 2005 Hello:Like pretty much everyone here, I've been infected and can't seem to get uninfected. I'm so mad at myself - should have been more careful. My HJT log is posted below - any help you could give me would be greatly appreciated.Many thanks!AprguyLogfile of HijackThis v1.99.1Scan saved at 6:23:41 PM, on 5/12/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\ATI2EVAE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\JAVABN32.EXEC:\WINDOWS\SYSTEM\APINA.EXEC:\WINDOWS\NETKR32.EXEC:\WINDOWS\ATLDF.EXEC:\WINDOWS\SDKLK.EXEC:\WINDOWS\SYSTEM\NETNC32.EXEC:\WINDOWS\IPNN.EXEC:\WINDOWS\SYSTEM\APIIW32.EXEC:\WINDOWS\IPDD32.EXEC:\WINDOWS\MSDA.EXEC:\WINDOWS\SYSTEM\SDKPW.EXEC:\WINDOWS\IPZF32.EXEC:\WINDOWS\JAVARD.EXEC:\WINDOWS\NTNR.EXEC:\WINDOWS\NTQA32.EXEC:\WINDOWS\SYSTEM\NETMV.EXEC:\WINDOWS\SYSTEM\MFCKO32.EXEC:\WINDOWS\SYSTEM\ADDSB32.EXEC:\WINDOWS\D3TF32.EXEC:\WINDOWS\SYSTEM\MSSH.EXEC:\WINDOWS\SYSTEM\NTZY32.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXEC:\WINDOWS\SYSTEM\APPBH32.EXEC:\WINDOWS\MSOC32.EXEC:\WINDOWS\NTPU32.EXEC:\WINDOWS\IEGJ32.EXEC:\WINDOWS\SYSPG32.EXEC:\WINDOWS\SYSTEM\SYSMP.EXEC:\WINDOWS\SYSTEM\MSCT.EXEC:\WINDOWS\APPNP32.EXEC:\WINDOWS\APPPU.EXEC:\WINDOWS\SYSTEM\ADDMR32.EXEC:\WINDOWS\SYSTEM\WINRM.EXEC:\WINDOWS\IERL.EXEC:\WINDOWS\SYSTEM\ADDCL32.EXEC:\WINDOWS\SYSTEM\MSHV.EXEC:\WINDOWS\SYSTEM\WINSU.EXEC:\WINDOWS\JAVAUJ.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\NTFJ.EXEC:\WINDOWS\NETMT32.EXEC:\WINDOWS\MSQY32.EXEC:\WINDOWS\APIRI32.EXEC:\WINDOWS\SYSTEM\NTEF.EXEC:\WINDOWS\SYSTEM\SYSSO.EXEC:\WINDOWS\SYSTEM\NTRW.EXEC:\WINDOWS\EXPLORER.EXEC:\Tools_95\Register\REMIND.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\ATIPTAXX.EXEC:\WINDOWS\SYSTEM\ATI2CWXX.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\LOADQM.EXEC:\WINDOWS\WINMJ32.EXEC:\TOOLS_95\IMGICON.EXEC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXEC:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXEC:\WINDOWS\JAVARD.EXEC:\WINDOWS\JAVARD.EXEC:\WINDOWS\SYSTEM\JAVABN32.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXEC:\PROGRAM FILES\PALMONE\HOTSYNC.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MSSY32.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXEC:\WINDOWS\SYSTEM\HPZIPM12.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\WINDOWS\SYSTEM\NETNC32.EXEC:\WINDOWS\SDKHK.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\SYSTEM\WINSU.EXEC:\WINDOWS\SYSTEM\NTCN.EXEC:\WINDOWS\SYSTEM\NTCN.EXEC:\WINDOWS\IPYC.EXEC:\WINDOWS\IPYC.EXEC:\WINDOWS\SYSTEM\ADDSB32.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\WINDOWS\SYSTEM\WINSU.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\WINDOWS\IPDD32.EXEC:\WINDOWS\IPDD32.EXEC:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\asjwc.dll/sp.html#12345R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\asjwc.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - Default URLSearchHook is missingF1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exeF1 - win.ini: run=Qtstub.exeO2 - BHO: Class - {9760FCA3-CBB6-E7B6-B1C7-5E57E71F2369} - C:\WINDOWS\SYSTEM\CRHH32.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exeO4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exeO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\82F4C060.htaO4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\Run: [LoadQM] loadqm.exeO4 - HKLM\..\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEO4 - HKLM\..\Run: [WINMJ32.EXE] C:\WINDOWS\WINMJ32.EXEO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exeO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - HKLM\..\RunServices: [JAVABN32.EXE] C:\WINDOWS\SYSTEM\JAVABN32.EXE /sO4 - HKLM\..\RunServices: [APINA.EXE] C:\WINDOWS\SYSTEM\APINA.EXE /sO4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\NETKR32.EXE /sO4 - HKLM\..\RunServices: [ATLDF.EXE] C:\WINDOWS\ATLDF.EXE /sO4 - HKLM\..\RunServices: [sDKLK.EXE] C:\WINDOWS\SDKLK.EXE /sO4 - HKLM\..\RunServices: [NETNC32.EXE] C:\WINDOWS\SYSTEM\NETNC32.EXE /sO4 - HKLM\..\RunServices: [iPNN.EXE] C:\WINDOWS\IPNN.EXE /sO4 - HKLM\..\RunServices: [APIIW32.EXE] C:\WINDOWS\SYSTEM\APIIW32.EXE /sO4 - HKLM\..\RunServices: [iPDD32.EXE] C:\WINDOWS\IPDD32.EXE /sO4 - HKLM\..\RunServices: [MSDA.EXE] C:\WINDOWS\MSDA.EXE /sO4 - HKLM\..\RunServices: [sDKPW.EXE] C:\WINDOWS\SYSTEM\SDKPW.EXE /sO4 - HKLM\..\RunServices: [iPZF32.EXE] C:\WINDOWS\IPZF32.EXE /sO4 - HKLM\..\RunServices: [JAVARD.EXE] C:\WINDOWS\JAVARD.EXE /sO4 - HKLM\..\RunServices: [NTNR.EXE] C:\WINDOWS\NTNR.EXE /sO4 - HKLM\..\RunServices: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE /sO4 - HKLM\..\RunServices: [NETMV.EXE] C:\WINDOWS\SYSTEM\NETMV.EXE /sO4 - HKLM\..\RunServices: [MFCKO32.EXE] C:\WINDOWS\SYSTEM\MFCKO32.EXE /sO4 - HKLM\..\RunServices: [ADDSB32.EXE] C:\WINDOWS\SYSTEM\ADDSB32.EXE /sO4 - HKLM\..\RunServices: [D3TF32.EXE] C:\WINDOWS\D3TF32.EXE /sO4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\SYSTEM\MSSH.EXE /sO4 - HKLM\..\RunServices: [NTZY32.EXE] C:\WINDOWS\SYSTEM\NTZY32.EXE /sO4 - HKLM\..\RunServices: [APPBH32.EXE] C:\WINDOWS\SYSTEM\APPBH32.EXE /sO4 - HKLM\..\RunServices: [MSOC32.EXE] C:\WINDOWS\MSOC32.EXE /sO4 - HKLM\..\RunServices: [NTPU32.EXE] C:\WINDOWS\NTPU32.EXE /sO4 - HKLM\..\RunServices: [iEGJ32.EXE] C:\WINDOWS\IEGJ32.EXE /sO4 - HKLM\..\RunServices: [sYSPG32.EXE] C:\WINDOWS\SYSPG32.EXE /sO4 - HKLM\..\RunServices: [sYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /sO4 - HKLM\..\RunServices: [MSCT.EXE] C:\WINDOWS\SYSTEM\MSCT.EXE /sO4 - HKLM\..\RunServices: [APPNP32.EXE] C:\WINDOWS\APPNP32.EXE /sO4 - HKLM\..\RunServices: [APPPU.EXE] C:\WINDOWS\APPPU.EXE /sO4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE /sO4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\SYSTEM\WINRM.EXE /sO4 - HKLM\..\RunServices: [iERL.EXE] C:\WINDOWS\IERL.EXE /sO4 - HKLM\..\RunServices: [ADDCL32.EXE] C:\WINDOWS\SYSTEM\ADDCL32.EXE /sO4 - HKLM\..\RunServices: [MSHV.EXE] C:\WINDOWS\SYSTEM\MSHV.EXE /sO4 - HKLM\..\RunServices: [WINSU.EXE] C:\WINDOWS\SYSTEM\WINSU.EXE /sO4 - HKLM\..\RunServices: [JAVAUJ.EXE] C:\WINDOWS\JAVAUJ.EXE /sO4 - HKLM\..\RunServices: [ATLUK32.EXE] C:\WINDOWS\ATLUK32.EXE /sO4 - HKLM\..\RunServices: [NTFJ.EXE] C:\WINDOWS\NTFJ.EXE /sO4 - HKLM\..\RunServices: [NETMT32.EXE] C:\WINDOWS\NETMT32.EXE /sO4 - HKLM\..\RunServices: [MSQY32.EXE] C:\WINDOWS\MSQY32.EXE /sO4 - HKLM\..\RunServices: [APIRI32.EXE] C:\WINDOWS\APIRI32.EXE /sO4 - HKLM\..\RunServices: [NTEF.EXE] C:\WINDOWS\SYSTEM\NTEF.EXE /sO4 - HKLM\..\RunServices: [sYSSO.EXE] C:\WINDOWS\SYSTEM\SYSSO.EXE /sO4 - HKLM\..\RunServices: [NTRW.EXE] C:\WINDOWS\SYSTEM\NTRW.EXE /sO4 - HKLM\..\RunServices: [MSSY32.EXE] C:\WINDOWS\SYSTEM\MSSY32.EXE /sO4 - HKLM\..\RunServices: [sDKHK.EXE] C:\WINDOWS\SDKHK.EXE /sO4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\SYSTEM\NTCN.EXE /sO4 - HKLM\..\RunServices: [iPYC.EXE] C:\WINDOWS\IPYC.EXE /sO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /backgroundO4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /backgroundO4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\RunServices: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /backgroundO4 - HKCU\..\RunServices: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /backgroundO4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXEO4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXEO4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exeO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXEO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeO4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXEO4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exeO8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_addO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO13 - WWW. Prefix: http://O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.comO16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.hearme.com/HearMeAutoInstaller.exeO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe Link to post Share on other sites
therock247uk Posted May 14, 2005 Report Share Posted May 14, 2005 1.Download about:buster by RubbeRDuckY Here.Save the file somewhere you will remember like to the Desktop.Please run about:buster by RubbeRDuckY:Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.Navigate to the AboutBuster directory and double-click on AboutBuster.exe.Click "OK" at the prompt with instructions.Click "Update" and then "Check For Update" to begin the update process.If any updates exist please download them by clicking "Download Update" then click the X to close that window.Boot into safemode againOpen About:buster againClick Start and then OK to allow AboutBuster to scan for Alternate Data Streams.Click Yes to allow it to shutdown explorer.exe.It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.3. Reboot and Download and run http://cwshredder.net/bin/CWShredder.exe click fix. 4. Then post the about:buster log and a new Hijackthis log here in a reply. Link to post Share on other sites
aprguy Posted May 16, 2005 Author Report Share Posted May 16, 2005 First - Rock - thank you for the assist - my computer is getting more and more gummed up by the moment. I couldn't get the About Buster Log to open so I had to open it in QuickView and right it down - here's what I got.Scan 1About Buster Version 4.0Reference List: 26Ads not scanned system (FAT)Removed! C:\Windows\xaxtjs.datRemoved! C:\Windows\ramxuu.datRemoved! C:\Windows\ipwffm.datRemoved! C:\Windows\dinzm.datRemoved! C:\Windows\System\gwiig.datRemoved! C:\Windows\System\pybct.datAttempted Clean of Temp FolderRemoved! Uninstall Key (HSA)Removed! Uninstal Key (SE)Removed! Uninstall Key (SW)Pages Reset...Done!Scan 2Removed! C:\Windows\lguosi.datThis is the Hijack This Log - had to open it with Winword and copy it from there.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xzhki.dll/sp.html#12345R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - Default URLSearchHook is missingF1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exeF1 - win.ini: run=Qtstub.exeO2 - BHO: Class - {24F7A19B-E91E-3E36-E139-91C802FC2B0F} - C:\WINDOWS\APIZN32.DLLO2 - BHO: Class - {ADE15B25-99D9-47AB-3E33-9B2A8D282369} - C:\WINDOWS\SYSTEM\MFCPP32.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exeO4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exeO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\82F4C060.htaO4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\Run: [LoadQM] loadqm.exeO4 - HKLM\..\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEO4 - HKLM\..\Run: [WINMJ32.EXE] C:\WINDOWS\WINMJ32.EXEO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exeO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - HKLM\..\RunServices: [JAVABN32.EXE] C:\WINDOWS\SYSTEM\JAVABN32.EXE /sO4 - HKLM\..\RunServices: [APINA.EXE] C:\WINDOWS\SYSTEM\APINA.EXE /sO4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\NETKR32.EXE /sO4 - HKLM\..\RunServices: [ATLDF.EXE] C:\WINDOWS\ATLDF.EXE /sO4 - HKLM\..\RunServices: [sDKLK.EXE] C:\WINDOWS\SDKLK.EXE /sO4 - HKLM\..\RunServices: [NETNC32.EXE] C:\WINDOWS\SYSTEM\NETNC32.EXE /sO4 - HKLM\..\RunServices: [iPNN.EXE] C:\WINDOWS\IPNN.EXE /sO4 - HKLM\..\RunServices: [APIIW32.EXE] C:\WINDOWS\SYSTEM\APIIW32.EXE /sO4 - HKLM\..\RunServices: [iPDD32.EXE] C:\WINDOWS\IPDD32.EXE /sO4 - HKLM\..\RunServices: [MSDA.EXE] C:\WINDOWS\MSDA.EXE /sO4 - HKLM\..\RunServices: [sDKPW.EXE] C:\WINDOWS\SYSTEM\SDKPW.EXE /sO4 - HKLM\..\RunServices: [iPZF32.EXE] C:\WINDOWS\IPZF32.EXE /sO4 - HKLM\..\RunServices: [JAVARD.EXE] C:\WINDOWS\JAVARD.EXE /sO4 - HKLM\..\RunServices: [NTNR.EXE] C:\WINDOWS\NTNR.EXE /sO4 - HKLM\..\RunServices: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE /sO4 - HKLM\..\RunServices: [NETMV.EXE] C:\WINDOWS\SYSTEM\NETMV.EXE /sO4 - HKLM\..\RunServices: [MFCKO32.EXE] C:\WINDOWS\SYSTEM\MFCKO32.EXE /sO4 - HKLM\..\RunServices: [ADDSB32.EXE] C:\WINDOWS\SYSTEM\ADDSB32.EXE /sO4 - HKLM\..\RunServices: [D3TF32.EXE] C:\WINDOWS\D3TF32.EXE /sO4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\SYSTEM\MSSH.EXE /sO4 - HKLM\..\RunServices: [NTZY32.EXE] C:\WINDOWS\SYSTEM\NTZY32.EXE /sO4 - HKLM\..\RunServices: [APPBH32.EXE] C:\WINDOWS\SYSTEM\APPBH32.EXE /sO4 - HKLM\..\RunServices: [MSOC32.EXE] C:\WINDOWS\MSOC32.EXE /sO4 - HKLM\..\RunServices: [NTPU32.EXE] C:\WINDOWS\NTPU32.EXE /sO4 - HKLM\..\RunServices: [iEGJ32.EXE] C:\WINDOWS\IEGJ32.EXE /sO4 - HKLM\..\RunServices: [sYSPG32.EXE] C:\WINDOWS\SYSPG32.EXE /sO4 - HKLM\..\RunServices: [sYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /sO4 - HKLM\..\RunServices: [MSCT.EXE] C:\WINDOWS\SYSTEM\MSCT.EXE /sO4 - HKLM\..\RunServices: [APPNP32.EXE] C:\WINDOWS\APPNP32.EXE /sO4 - HKLM\..\RunServices: [APPPU.EXE] C:\WINDOWS\APPPU.EXE /sO4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE /sO4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\SYSTEM\WINRM.EXE /sO4 - HKLM\..\RunServices: [iERL.EXE] C:\WINDOWS\IERL.EXE /sO4 - HKLM\..\RunServices: [ADDCL32.EXE] C:\WINDOWS\SYSTEM\ADDCL32.EXE /sO4 - HKLM\..\RunServices: [MSHV.EXE] C:\WINDOWS\SYSTEM\MSHV.EXE /sO4 - HKLM\..\RunServices: [WINSU.EXE] C:\WINDOWS\SYSTEM\WINSU.EXE /sO4 - HKLM\..\RunServices: [JAVAUJ.EXE] C:\WINDOWS\JAVAUJ.EXE /sO4 - HKLM\..\RunServices: [ATLUK32.EXE] C:\WINDOWS\ATLUK32.EXE /sO4 - HKLM\..\RunServices: [NTFJ.EXE] C:\WINDOWS\NTFJ.EXE /sO4 - HKLM\..\RunServices: [NETMT32.EXE] C:\WINDOWS\NETMT32.EXE /sO4 - HKLM\..\RunServices: [MSQY32.EXE] C:\WINDOWS\MSQY32.EXE /sO4 - HKLM\..\RunServices: [APIRI32.EXE] C:\WINDOWS\APIRI32.EXE /sO4 - HKLM\..\RunServices: [NTEF.EXE] C:\WINDOWS\SYSTEM\NTEF.EXE /sO4 - HKLM\..\RunServices: [sYSSO.EXE] C:\WINDOWS\SYSTEM\SYSSO.EXE /sO4 - HKLM\..\RunServices: [NTRW.EXE] C:\WINDOWS\SYSTEM\NTRW.EXE /sO4 - HKLM\..\RunServices: [MSSY32.EXE] C:\WINDOWS\SYSTEM\MSSY32.EXE /sO4 - HKLM\..\RunServices: [sDKHK.EXE] C:\WINDOWS\SDKHK.EXE /sO4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\SYSTEM\NTCN.EXE /sO4 - HKLM\..\RunServices: [iPYC.EXE] C:\WINDOWS\IPYC.EXE /sO4 - HKLM\..\RunServices: [iPAX.EXE] C:\WINDOWS\IPAX.EXE /sO4 - HKLM\..\RunServices: [iELM32.EXE] C:\WINDOWS\IELM32.EXE /sO4 - HKLM\..\RunServices: [APPDV32.EXE] C:\WINDOWS\SYSTEM\APPDV32.EXE /sO4 - HKLM\..\RunServices: [NTIF.EXE] C:\WINDOWS\NTIF.EXE /sO4 - HKLM\..\RunServices: [ADDMQ32.EXE] C:\WINDOWS\SYSTEM\ADDMQ32.EXE /sO4 - HKLM\..\RunServices: [iPXX.EXE] C:\WINDOWS\IPXX.EXE /sO4 - HKLM\..\RunServices: [NETMZ32.EXE] C:\WINDOWS\SYSTEM\NETMZ32.EXE /sO4 - HKLM\..\RunServices: [ATLAF32.EXE] C:\WINDOWS\SYSTEM\ATLAF32.EXE /sO4 - HKLM\..\RunServices: [CRWA32.EXE] C:\WINDOWS\CRWA32.EXE /sO4 - HKLM\..\RunServices: [CRCG.EXE] C:\WINDOWS\CRCG.EXE /sO4 - HKLM\..\RunServices: [sDKBX.EXE] C:\WINDOWS\SDKBX.EXE /sO4 - HKLM\..\RunServices: [D3QQ32.EXE] C:\WINDOWS\SYSTEM\D3QQ32.EXE /sO4 - HKLM\..\RunServices: [WINGQ32.EXE] C:\WINDOWS\SYSTEM\WINGQ32.EXE /sO4 - HKLM\..\RunServices: [NETXC32.EXE] C:\WINDOWS\NETXC32.EXE /sO4 - HKLM\..\RunServices: [MSXQ32.EXE] C:\WINDOWS\MSXQ32.EXE /sO4 - HKLM\..\RunServices: [iPBN32.EXE] C:\WINDOWS\IPBN32.EXE /sO4 - HKLM\..\RunServices: [sDKKI32.EXE] C:\WINDOWS\SDKKI32.EXE /sO4 - HKLM\..\RunServices: [JAVAHV.EXE] C:\WINDOWS\JAVAHV.EXE /sO4 - HKLM\..\RunServices: [MSQE.EXE] C:\WINDOWS\MSQE.EXE /sO4 - HKLM\..\RunServices: [ATLFM.EXE] C:\WINDOWS\SYSTEM\ATLFM.EXE /sO4 - HKLM\..\RunServices: [iEBL.EXE] C:\WINDOWS\IEBL.EXE /sO4 - HKLM\..\RunServices: [sDKGJ.EXE] C:\WINDOWS\SDKGJ.EXE /sO4 - HKLM\..\RunServices: [iEQI32.EXE] C:\WINDOWS\SYSTEM\IEQI32.EXE /sO4 - HKLM\..\RunServices: [iPXO.EXE] C:\WINDOWS\SYSTEM\IPXO.EXE /sO4 - HKLM\..\RunServices: [CRYE.EXE] C:\WINDOWS\CRYE.EXE /sO4 - HKLM\..\RunServices: [sYSLZ32.EXE] C:\WINDOWS\SYSLZ32.EXE /sO4 - HKLM\..\RunServices: [JAVAJT.EXE] C:\WINDOWS\JAVAJT.EXE /sO4 - HKLM\..\RunServices: [MSXO32.EXE] C:\WINDOWS\MSXO32.EXE /sO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /backgroundO4 - HKCU\..\Run: [update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /backgroundO4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXEO4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXEO4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exeO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXEO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeO4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXEO4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exeO8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_addO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO13 - WWW. Prefix: http://O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.comO16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.hearme.com/HearMeAutoInstaller.exeO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exeHope this is usable for you.Again - many many thanks for the assist.Aprguy Link to post Share on other sites
therock247uk Posted May 16, 2005 Report Share Posted May 16, 2005 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.nz/help/0,,4155-1916458,00.html2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xzhki.dll/sp.html#12345R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xzhki.dll/sp.html#12345R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xzhki.dll/sp.html#12345R3 - Default URLSearchHook is missingO2 - BHO: Class - {24F7A19B-E91E-3E36-E139-91C802FC2B0F} - C:\WINDOWS\APIZN32.DLLO2 - BHO: Class - {ADE15B25-99D9-47AB-3E33-9B2A8D282369} - C:\WINDOWS\SYSTEM\MFCPP32.DLLO4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\82F4C060.htaO4 - HKLM\..\Run: [WINMJ32.EXE] C:\WINDOWS\WINMJ32.EXEO4 - HKLM\..\RunServices: [JAVABN32.EXE] C:\WINDOWS\SYSTEM\JAVABN32.EXE /sO4 - HKLM\..\RunServices: [APINA.EXE] C:\WINDOWS\SYSTEM\APINA.EXE /sO4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\NETKR32.EXE /sO4 - HKLM\..\RunServices: [ATLDF.EXE] C:\WINDOWS\ATLDF.EXE /sO4 - HKLM\..\RunServices: [sDKLK.EXE] C:\WINDOWS\SDKLK.EXE /sO4 - HKLM\..\RunServices: [NETNC32.EXE] C:\WINDOWS\SYSTEM\NETNC32.EXE /sO4 - HKLM\..\RunServices: [iPNN.EXE] C:\WINDOWS\IPNN.EXE /sO4 - HKLM\..\RunServices: [APIIW32.EXE] C:\WINDOWS\SYSTEM\APIIW32.EXE /sO4 - HKLM\..\RunServices: [iPDD32.EXE] C:\WINDOWS\IPDD32.EXE /sO4 - HKLM\..\RunServices: [MSDA.EXE] C:\WINDOWS\MSDA.EXE /sO4 - HKLM\..\RunServices: [sDKPW.EXE] C:\WINDOWS\SYSTEM\SDKPW.EXE /sO4 - HKLM\..\RunServices: [iPZF32.EXE] C:\WINDOWS\IPZF32.EXE /sO4 - HKLM\..\RunServices: [JAVARD.EXE] C:\WINDOWS\JAVARD.EXE /sO4 - HKLM\..\RunServices: [NTNR.EXE] C:\WINDOWS\NTNR.EXE /sO4 - HKLM\..\RunServices: [NTQA32.EXE] C:\WINDOWS\NTQA32.EXE /sO4 - HKLM\..\RunServices: [NETMV.EXE] C:\WINDOWS\SYSTEM\NETMV.EXE /sO4 - HKLM\..\RunServices: [MFCKO32.EXE] C:\WINDOWS\SYSTEM\MFCKO32.EXE /sO4 - HKLM\..\RunServices: [ADDSB32.EXE] C:\WINDOWS\SYSTEM\ADDSB32.EXE /sO4 - HKLM\..\RunServices: [D3TF32.EXE] C:\WINDOWS\D3TF32.EXE /sO4 - HKLM\..\RunServices: [MSSH.EXE] C:\WINDOWS\SYSTEM\MSSH.EXE /sO4 - HKLM\..\RunServices: [NTZY32.EXE] C:\WINDOWS\SYSTEM\NTZY32.EXE /sO4 - HKLM\..\RunServices: [APPBH32.EXE] C:\WINDOWS\SYSTEM\APPBH32.EXE /sO4 - HKLM\..\RunServices: [MSOC32.EXE] C:\WINDOWS\MSOC32.EXE /sO4 - HKLM\..\RunServices: [NTPU32.EXE] C:\WINDOWS\NTPU32.EXE /sO4 - HKLM\..\RunServices: [iEGJ32.EXE] C:\WINDOWS\IEGJ32.EXE /sO4 - HKLM\..\RunServices: [sYSPG32.EXE] C:\WINDOWS\SYSPG32.EXE /sO4 - HKLM\..\RunServices: [sYSMP.EXE] C:\WINDOWS\SYSTEM\SYSMP.EXE /sO4 - HKLM\..\RunServices: [MSCT.EXE] C:\WINDOWS\SYSTEM\MSCT.EXE /sO4 - HKLM\..\RunServices: [APPNP32.EXE] C:\WINDOWS\APPNP32.EXE /sO4 - HKLM\..\RunServices: [APPPU.EXE] C:\WINDOWS\APPPU.EXE /sO4 - HKLM\..\RunServices: [ADDMR32.EXE] C:\WINDOWS\SYSTEM\ADDMR32.EXE /sO4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\SYSTEM\WINRM.EXE /sO4 - HKLM\..\RunServices: [iERL.EXE] C:\WINDOWS\IERL.EXE /sO4 - HKLM\..\RunServices: [ADDCL32.EXE] C:\WINDOWS\SYSTEM\ADDCL32.EXE /sO4 - HKLM\..\RunServices: [MSHV.EXE] C:\WINDOWS\SYSTEM\MSHV.EXE /sO4 - HKLM\..\RunServices: [WINSU.EXE] C:\WINDOWS\SYSTEM\WINSU.EXE /sO4 - HKLM\..\RunServices: [JAVAUJ.EXE] C:\WINDOWS\JAVAUJ.EXE /sO4 - HKLM\..\RunServices: [ATLUK32.EXE] C:\WINDOWS\ATLUK32.EXE /sO4 - HKLM\..\RunServices: [NTFJ.EXE] C:\WINDOWS\NTFJ.EXE /sO4 - HKLM\..\RunServices: [NETMT32.EXE] C:\WINDOWS\NETMT32.EXE /sO4 - HKLM\..\RunServices: [MSQY32.EXE] C:\WINDOWS\MSQY32.EXE /sO4 - HKLM\..\RunServices: [APIRI32.EXE] C:\WINDOWS\APIRI32.EXE /sO4 - HKLM\..\RunServices: [NTEF.EXE] C:\WINDOWS\SYSTEM\NTEF.EXE /sO4 - HKLM\..\RunServices: [sYSSO.EXE] C:\WINDOWS\SYSTEM\SYSSO.EXE /sO4 - HKLM\..\RunServices: [NTRW.EXE] C:\WINDOWS\SYSTEM\NTRW.EXE /sO4 - HKLM\..\RunServices: [MSSY32.EXE] C:\WINDOWS\SYSTEM\MSSY32.EXE /sO4 - HKLM\..\RunServices: [sDKHK.EXE] C:\WINDOWS\SDKHK.EXE /sO4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\SYSTEM\NTCN.EXE /sO4 - HKLM\..\RunServices: [iPYC.EXE] C:\WINDOWS\IPYC.EXE /sO4 - HKLM\..\RunServices: [iPAX.EXE] C:\WINDOWS\IPAX.EXE /sO4 - HKLM\..\RunServices: [iELM32.EXE] C:\WINDOWS\IELM32.EXE /sO4 - HKLM\..\RunServices: [APPDV32.EXE] C:\WINDOWS\SYSTEM\APPDV32.EXE /sO4 - HKLM\..\RunServices: [NTIF.EXE] C:\WINDOWS\NTIF.EXE /sO4 - HKLM\..\RunServices: [ADDMQ32.EXE] C:\WINDOWS\SYSTEM\ADDMQ32.EXE /sO4 - HKLM\..\RunServices: [iPXX.EXE] C:\WINDOWS\IPXX.EXE /sO4 - HKLM\..\RunServices: [NETMZ32.EXE] C:\WINDOWS\SYSTEM\NETMZ32.EXE /sO4 - HKLM\..\RunServices: [ATLAF32.EXE] C:\WINDOWS\SYSTEM\ATLAF32.EXE /sO4 - HKLM\..\RunServices: [CRWA32.EXE] C:\WINDOWS\CRWA32.EXE /sO4 - HKLM\..\RunServices: [CRCG.EXE] C:\WINDOWS\CRCG.EXE /sO4 - HKLM\..\RunServices: [sDKBX.EXE] C:\WINDOWS\SDKBX.EXE /sO4 - HKLM\..\RunServices: [D3QQ32.EXE] C:\WINDOWS\SYSTEM\D3QQ32.EXE /sO4 - HKLM\..\RunServices: [WINGQ32.EXE] C:\WINDOWS\SYSTEM\WINGQ32.EXE /sO4 - HKLM\..\RunServices: [NETXC32.EXE] C:\WINDOWS\NETXC32.EXE /sO4 - HKLM\..\RunServices: [MSXQ32.EXE] C:\WINDOWS\MSXQ32.EXE /sO4 - HKLM\..\RunServices: [iPBN32.EXE] C:\WINDOWS\IPBN32.EXE /sO4 - HKLM\..\RunServices: [sDKKI32.EXE] C:\WINDOWS\SDKKI32.EXE /sO4 - HKLM\..\RunServices: [JAVAHV.EXE] C:\WINDOWS\JAVAHV.EXE /sO4 - HKLM\..\RunServices: [MSQE.EXE] C:\WINDOWS\MSQE.EXE /sO4 - HKLM\..\RunServices: [ATLFM.EXE] C:\WINDOWS\SYSTEM\ATLFM.EXE /sO4 - HKLM\..\RunServices: [iEBL.EXE] C:\WINDOWS\IEBL.EXE /sO4 - HKLM\..\RunServices: [sDKGJ.EXE] C:\WINDOWS\SDKGJ.EXE /sO4 - HKLM\..\RunServices: [iEQI32.EXE] C:\WINDOWS\SYSTEM\IEQI32.EXE /sO4 - HKLM\..\RunServices: [iPXO.EXE] C:\WINDOWS\SYSTEM\IPXO.EXE /sO4 - HKLM\..\RunServices: [CRYE.EXE] C:\WINDOWS\CRYE.EXE /sO4 - HKLM\..\RunServices: [sYSLZ32.EXE] C:\WINDOWS\SYSLZ32.EXE /sO4 - HKLM\..\RunServices: [JAVAJT.EXE] C:\WINDOWS\JAVAJT.EXE /sO4 - HKLM\..\RunServices: [MSXO32.EXE] C:\WINDOWS\MSXO32.EXE /s < there many be more like that fix them also4. Delete the files.C:\WINDOWS\xzhki.dllC:\WINDOWS\APIZN32.DLLC:\WINDOWS\SYSTEM\MFCPP32.DLLC:\WINDOWS\SYSTEM\82F4C060.htaC:\WINDOWS\WINMJ32.EXEC:\WINDOWS\SYSTEM\JAVABN32.EXE C:\WINDOWS\SYSTEM\APINA.EXE C:\WINDOWS\NETKR32.EXE C:\WINDOWS\ATLDF.EXE C:\WINDOWS\SDKLK.EXEC:\WINDOWS\SYSTEM\NETNC32.EXE C:\WINDOWS\IPNN.EXE C:\WINDOWS\SYSTEM\APIIW32.EXE C:\WINDOWS\IPDD32.EXE C:\WINDOWS\MSDA.EXE C:\WINDOWS\SYSTEM\SDKPW.EXE C:\WINDOWS\IPZF32.EXE C:\WINDOWS\JAVARD.EXE C:\WINDOWS\NTNR.EXE C:\WINDOWS\NTQA32.EXE C:\WINDOWS\SYSTEM\NETMV.EXE C:\WINDOWS\SYSTEM\MFCKO32.EXE C:\WINDOWS\SYSTEM\ADDSB32.EXE C:\WINDOWS\D3TF32.EXE C:\WINDOWS\SYSTEM\MSSH.EXE C:\WINDOWS\SYSTEM\NTZY32.EXE C:\WINDOWS\SYSTEM\APPBH32.EXE C:\WINDOWS\MSOC32.EXE C:\WINDOWS\NTPU32.EXE C:\WINDOWS\IEGJ32.EXE C:\WINDOWS\SYSPG32.EXE C:\WINDOWS\SYSTEM\SYSMP.EXE C:\WINDOWS\SYSTEM\MSCT.EXE C:\WINDOWS\APPNP32.EXE C:\WINDOWS\APPPU.EXEC:\WINDOWS\SYSTEM\ADDMR32.EXE C:\WINDOWS\SYSTEM\WINRM.EXE C:\WINDOWS\IERL.EXE C:\WINDOWS\SYSTEM\ADDCL32.EXE C:\WINDOWS\SYSTEM\MSHV.EXE C:\WINDOWS\SYSTEM\WINSU.EXE C:\WINDOWS\JAVAUJ.EXE C:\WINDOWS\ATLUK32.EXE C:\WINDOWS\NTFJ.EXE C:\WINDOWS\NETMT32.EXE C:\WINDOWS\MSQY32.EXE C:\WINDOWS\APIRI32.EXE C:\WINDOWS\SYSTEM\NTEF.EXE C:\WINDOWS\SYSTEM\SYSSO.EXE C:\WINDOWS\SYSTEM\NTRW.EXE C:\WINDOWS\SYSTEM\MSSY32.EXE C:\WINDOWS\SDKHK.EXE C:\WINDOWS\SYSTEM\NTCN.EXE C:\WINDOWS\IPYC.EXE C:\WINDOWS\IPAX.EXE C:\WINDOWS\IELM32.EXE C:\WINDOWS\SYSTEM\APPDV32.EXE C:\WINDOWS\NTIF.EXE C:\WINDOWS\SYSTEM\ADDMQ32.EXE C:\WINDOWS\IPXX.EXE C:\WINDOWS\SYSTEM\NETMZ32.EXE C:\WINDOWS\SYSTEM\ATLAF32.EXE C:\WINDOWS\CRWA32.EXE C:\WINDOWS\CRCG.EXE C:\WINDOWS\SDKBX.EXE C:\WINDOWS\SYSTEM\D3QQ32.EXE C:\WINDOWS\SYSTEM\WINGQ32.EXE C:\WINDOWS\NETXC32.EXE C:\WINDOWS\MSXQ32.EXE C:\WINDOWS\IPBN32.EXE C:\WINDOWS\SDKKI32.EXE C:\WINDOWS\JAVAHV.EXE C:\WINDOWS\MSQE.EXE C:\WINDOWS\SYSTEM\ATLFM.EXE C:\WINDOWS\IEBL.EXE C:\WINDOWS\SDKGJ.EXE C:\WINDOWS\SYSTEM\IEQI32.EXE C:\WINDOWS\SYSTEM\IPXO.EXE C:\WINDOWS\CRYE.EXE C:\WINDOWS\SYSLZ32.EXE C:\WINDOWS\JAVAJT.EXE C:\WINDOWS\MSXO32.EXE 5. Reboot back into normal mode and post a new Hijackthis log here in a reply. Link to post Share on other sites
aprguy Posted May 17, 2005 Author Report Share Posted May 17, 2005 Rock - you are amazing.While still not 100% I can at least function - thank you so much.Here's the latest Hijack this logv1.99.1Scan saved at 12:37:01 AM, on 5/17/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\ATI2EVAE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\Tools_95\Register\REMIND.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\ATIPTAXX.EXEC:\WINDOWS\SYSTEM\ATI2CWXX.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\LOADQM.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\TOOLS_95\IMGICON.EXEC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXEC:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXEC:\PROGRAM FILES\PALMONE\HOTSYNC.EXEC:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\SYSTEM\HPZIPM12.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXEC:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exeF1 - win.ini: run=Qtstub.exeO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exeO4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exeO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\82F4C060.htaO4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\Run: [LoadQM] loadqm.exeO4 - HKLM\..\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exeO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXEO4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXEO4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exeO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXEO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeO4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXEO4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exeO8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_addO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO13 - WWW. Prefix: http://O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.comO16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.hearme.com/HearMeAutoInstaller.exeO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exeThank you, thank you for your great work.I'll await your reply.Aprguy Link to post Share on other sites
therock247uk Posted May 17, 2005 Report Share Posted May 17, 2005 1. Boot into safemode again.2. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\82F4C060.htaO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO13 - WWW. Prefix: http://3. Delete the files. (if present)C:\WINDOWS\SYSTEM\82F4C060.hta4. Reboot and post a new Hijackthis log here in a reply. Link to post Share on other sites
aprguy Posted May 17, 2005 Author Report Share Posted May 17, 2005 Rock - here's the new log and at the risk of sounding like a broken record - thank you!The file you wanted me to delete: C:\Windows\System\82F4C060.hta was not present.Don't know if this is relevant, but nearly everytime I reboot, I get a message that Stimon has performed an illegal task and has been shutdown.AprguyLogfile of HijackThis v1.99.1Scan saved at 5:46:19 PM, on 5/17/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\ATI2EVAE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\Tools_95\Register\REMIND.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\ATIPTAXX.EXEC:\WINDOWS\SYSTEM\ATI2CWXX.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\WINDOWS\LOADQM.EXEC:\TOOLS_95\IMGICON.EXEC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXEC:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXEC:\PROGRAM FILES\PALMONE\HOTSYNC.EXEC:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXEC:\WINDOWS\SYSTEM\HPZIPM12.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exeF1 - win.ini: run=Qtstub.exeO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exeO4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exeO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\Run: [LoadQM] loadqm.exeO4 - HKLM\..\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exeO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXEO4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXEO4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exeO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXEO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeO4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXEO4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exeO8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_addO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.comO16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.hearme.com/HearMeAutoInstaller.exeO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe Link to post Share on other sites
therock247uk Posted May 17, 2005 Report Share Posted May 17, 2005 Your Hijackthis log is clean 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.O4 - HKLM\..\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEThe file that is causing you a problem is this line in Hijackthis you can fix it if you wish and try opening it when needed look here for infomation on it http://castlecops.com/startuplist-3543.htmlO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE2. Reboot your PC and see if you still have a problem. Link to post Share on other sites
aprguy Posted May 18, 2005 Author Report Share Posted May 18, 2005 Rock - as requested - here is my latest log.Best regards - and thanksAprguy1Scan saved at 4:54:36 PM, on 5/18/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\ATI2EVAE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\Tools_95\Register\REMIND.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\SYSTEM\ATIPTAXX.EXEC:\WINDOWS\SYSTEM\ATI2CWXX.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\WINDOWS\LOADQM.EXEC:\TOOLS_95\IMGICON.EXEC:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXEC:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXEC:\PROGRAM FILES\PALMONE\HOTSYNC.EXEC:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXEC:\WINDOWS\SYSTEM\HPZIPM12.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exeF1 - win.ini: run=Qtstub.exeO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exeO4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exeO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\Run: [LoadQM] loadqm.exeO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exeO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXEO4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXEO4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exeO4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXEO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeO4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXEO4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exeO8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_addO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dllO14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.comO16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.hearme.com/HearMeAutoInstaller.exeO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe Link to post Share on other sites
therock247uk Posted May 18, 2005 Report Share Posted May 18, 2005 How is the PC running?Your log is clean Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop up windows.I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.Credit to PGPhantom for canned speech. Link to post Share on other sites
Spurv Posted May 21, 2005 Report Share Posted May 21, 2005 Hello:I heard of this type of virus or malware from APRGUY and wondered how I could get my list of processes reviewed for infection. I'm alittle lost and not sure how to capture the LOG and post it. I,m not even sure if this is how I forward this request.Respectively,Spurv Link to post Share on other sites
Recommended Posts