AmoLaZucca

Members
  • Content Count

    28

About AmoLaZucca

  • Rank
    Member
  1. Thanks again! I installed all MS updates, and I downloaded Firefox - I have all of the spyware programs you mentioned, and I will install ZoneAlarm and I bookmarked Tony Klein's article for future reference! I'm set, my PC is doing GREAT, and I'm one happy camper! THANK YOU once again for everything!
  2. Sorry for the delay in responding. It's been hectic here. OK, I followed your directions and....... Adaware and Spybot S&D both came up CLEAN!!!! My PC shows NO signs of infection! Swandog46 and thatman - I can never thank you enough for the time you've taken to help me! I thought my PC was a total loss - but you got my PC back for me, and words cannot describe how happy I am right now! to both of you! I will send anyone having PC problems here and I will always recommend PC Pitstop! My sincere thanks and gratitude to you both! Friends, Amo
  3. Everything seems A LOT better, Swandog46! Thank you!!! I ran AdAware and removed all but two corrupt files that it found. I can't manually remove them either - they are: c:\_RESTORE\TEMP\UJRLHM.0 c:\_RESTORE\TEMP\CPRYNUC.0 Also, I've noticed a LOT of files titled "Thumbs" that are scattered throughout my PC. The icon is the paper with a magnifying glass. I can't remove them, but they were never there before I was infected. Are they harmful? I have a total of 34. Once again - A BIG THANKS TO YOU and the same to THATMAN, as well! My computer would surely have been useless by now, if it were not for the both of you. Thanks just doesn't seem like enough...
  4. OK - I followed the directions you gave me and here are my new reports: TrackQoo: And HJT... Thank you SO, SO MUCH - and I'll check in again soon!
  5. Thank you for taking the time to try and help me! It's no problem - I'm glad to know that I helped you in a way, by being a test subject! I emailed you, and here is my new HJT log, as well as the results you requested from "Track goo": I'll check back in ASAP! THANK YOU!!!
  6. OK - I followed your directions and here are my results! I can't thank you both enough for helping me and not giving up! I'll check back in again soon to see the next steps!
  7. Thanks, Swandog46! I will follow these steps and check in later with my results! Again, thank you very much for your help!
  8. Not a problem! Take your time and I hope all works out with your PC troubles. Thanks again!
  9. Thanks once again, thatman! I'll check back again soon for more instructions!
  10. FIRST HALF OF PANDA SCAN: SECOND HALF FOLLOWS>>>
  11. So sorry to hear you've had PC troubles, thatman. Don't worry about me - I'll always check back here to see the next steps. Hope all is better for you now! OK first thing: When I double Click on the delete.reg that I created, It gives me a warning that says "Cannot import C:\WINDOWS\DESKTOP\DELETE.REG: The specified file is not a registry script. You can import only registry files." I did everything else as you requested, and my Panda scan follows this post. OK here is my new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:24:49 PM, on 7/29/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Panda Scan Follows...
  12. THANKS SO MUCH! I'll check in again soon!
  13. Not giving up on you, thatman! It was a phase - I'm better now! LOL Here are my new scans: Logfile of HijackThis v1.99.1 Scan saved at 5:33:42 PM, on 7/24/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) PANDA SCAN FOLLOWS:
  14. When I click on this link ( http://downloads.subratam.org/FINDnFIX.exe ) or manually type it in my browser, I get a blank page that says the "page cannot be found....The page you are looking for might have been removed, had its name changed, or is temporarily unavailable." When I try going to ( downloads.subratam.org ) I get a blank page that says "Forbidden You don't have permission to access / on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.33 Server at downloads.subratam.org Port 80." Is all hope gone?? If I could only get my hands on the people responsible for infecting my PC..... Thanks so much for your help, thatman! I don't want to trouble you anymore with this if you think there's no hope. You've devoted so much time to helping me - and I truly appreciate that! Just seems that I have some nasty infections on here that refuse to go away.
  15. SECOND HALF OF PANDA SCAN: I know I deleted so much of that stuff manually. It seems that most things just keep coming back. The SurfSideKick, Look2Me and the Bargain Buddy files - I deleted them all! I don't understand. Thank you for your help! I'll check in again soon...