Everything posted by AmoLaZucca

  1. Thanks again! I installed all MS updates, and I downloaded Firefox - I have all of the spyware programs you mentioned, and I will install ZoneAlarm and I bookmarked Tony Klien's article for future reference! I'm set, my PC is doing GREAT, and I'm one happy camper! THANK YOU once again for everything!
  2. Sorry for the delay in responding. It's been hectic here. OK, I followed your directions and....... Adaware and Spybot S&D both came up CLEAN!!!! My PC shows NO signs of infection! Swandog46 and thatman - I can never thank you enough for the time you've taken to help me! I thought my PC was a total loss - but you got my PC back for me, and words cannot describe how happy I am right now! to both of you! I will send anyone having PC problems here and I will always recommend PC Pitstop! My sincere thanks and gratitude to you both! Friends, Amo
  3. Everything seems A LOT better, Swandog46! Thank you!!! I ran AdAware and removed all but two corrupt files that it found. I can't manually remove them either - they are: c:\_RESTORE\TEMP\UJRLHM.0 c:\_RESTORE\TEMP\CPRYNUC.0 Also, I've noticed a LOT of files titled "Thumbs" that are scattered throughout my PC. The icon is the paper with a magnifying glass. I can't remove them, but they were never there before I was infected. Are they harmful? I have a total of 34. Once again - A BIG THANKS TO YOU and the same to THATMAN, as well! My computer would surely have been useless by now, if it were not for the both of you. Thanks just doesn't seem like enough...
  4. OK - I followed the directions you gave me and here are my new reports: TrackQoo: And HJT... Thank you SO, SO MUCH - and I'll check in again soon!
  5. Thank you for taking the time to try and help me! It's no problem - I'm glad to know that I helped you in a way, by being a test subject! I emailed you, and here is my new HJT log, as well as the results you requested from "Track goo": I'll check back in ASAP! THANK YOU!!!
  6. OK - I followed your directions and here are my results! I can't thank you both enough for helping me and not giving up! I'll check back in again soon to see the next steps!
  7. Thanks, Swandog46! I will follow these steps and check in later with my results! Again, thank you very much for your help!
  8. Not a problem! Take your time and I hope all works out with your PC troubles. Thanks again!
  9. Thanks once again, thatman! I'll check back again soon for more instructions!
  10. FIRST HALF OF PANDA SCAN: SECOND HALF FOLLOWS>>>
  11. So sorry to hear you've had PC troubles, thatman. Don't worry about me - I'll always check back here to see the next steps. Hope all is better for you now! OK first thing: When I double-click on the delete.reg that I created, it gives me a warning that says "Cannot import C:\WINDOWS\DESKTOP\DELETE.REG: The specified file is not a registry script. You can import only registry files." I did everything else as you requested, and my Panda scan follows this post. OK here is my new HJT log: Panda Scan Follows...
  12. THANKS SO MUCH! I'll check in again soon!
  13. Not giving up on you, thatman! It was a phase - I'm better now! LOL Here are my new scans: PANDA SCAN FOLLOWS:
  14. When I click on this link ( http://downloads.subratam.org/FINDnFIX.exe ) or manually type it in my browser, I get a blank page that says the "page cannot be found....The page you are looking for might have been removed, had its name changed, or is temporarily unavailable." When I try going to ( downloads.subratam.org ) I get a blank page that says "Forbidden You don't have permission to access / on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.33 Server at downloads.subratam.org Port 80." Is all hope gone?? If I could only get my hands on the people responsible for infecting my PC..... Thanks so much for your help, thatman! I don't want to trouble you anymore with this if you think there's no hope. You've devoted so much time to helping me - and I truly appreciate that! Just seems that I have some nasty infections on here that refuse to go away.
  15. SECOND HALF OF PANDA SCAN: I know I deleted so much of that stuff manually. It seems that most things just keep coming back. The SurfSideKick, Look2Me and the Bargain Buddy files - I deleted them all! I don't understand. Thank you for your help! I'll check in again soon...
  16. FIRST HALF OF PANDA SCAN: SECOND HALF IN NEXT POST:
  17. Hi, thatman! OK - I ran the Panda Scan and manually removed as much as I possibly could. I also downloaded McAfee, let it scan and remove corrupt files, ran AdAware and Spybot S&D and let them remove corrupt files. These files, however, are corrupt and REFUSE to be removed: C:\_RESTORE\TEMP\SYSTB.0 C:\_RESTORE\TEMP\SYSTB.1 C:\_RESTORE\TEMP\SYSTB.2 C:\_RESTORE\ARCHIVE\F5453.CAB C:\_RESTORE\ARCHIVE\F5463.CAB After all that, I did the Panda Scan again - and my new Panda scan log follows in the next posts. This is my new HJT log: PANDA SCAN FOLLOWS...
  18. Hi, thatman! I, too, apologize - I have not been online for a few days. Thanks so much for getting back to me - and I am sorry to hear you've had PC troubles. I tried going to http://downloads.subratam.org/FINDnFIX.exe - but I only get a "Page not found" warning. I did download and install ZoneAlarm - thank you! I also removed all files that you asked me to. Here is my new HJT log:
      Logfile of HijackThis v1.99.1
      Scan saved at 12:06:40 AM, on 7/21/2005
      Platform: Windows ME (Win9x 4.90.3000)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\SSDPSRV.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
      C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
      C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\RUNDLL32.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
      C:\WINDOWS\SYSTEM\HPOOPM07.EXE
      C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
      C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
      C:\WINDOWS\RunDLL.exe
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPODEV07.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOEVM07.EXE
      C:\WINDOWS\SYSTEM\HPOIPM07.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOSTS07.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOFXM07.EXE
      C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! Dial
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL (file missing)
      O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL (file missing)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
      O4 - HKLM\..\Run: [systemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
      O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
      O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
      O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
      O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
      O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
      O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
      O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
      O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
      O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
      O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
      O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
      O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
      O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\PROGRAM FILES\CAS\CLIENT\CASMF.DLL
      I'll check back ASAP to see what the next step is. THANK YOU!
  19. And the second half:
      C:\WINDOWS\SYSTEM\nvms.dll
      Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\mscb.dll
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\exdl3.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\exdl2.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\exdl1.exe
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\exul3.exe
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\exul1.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[3].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[4].htm
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab
      Adware:Adware/Transponder No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab[ceres.inf]
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\ceres[1].cab[ceres.dll]
      Adware:Adware/Look2Me No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\upd208[1].exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\webservice[3].htm
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\thnall5c[1].exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[4].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[5].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[3].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[4].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[5].htm
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe
      Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.dll
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\exdl.exe
      Spyware:Spyware/BetterInet No disinfected C:\unzipped\hijackthis\backups\backup-20050714-103657-833.dll
      Spyware:Spyware/BetterInet No disinfected C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll
      Adware:Adware/BookedSpace No disinfected C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll
      Adware:Adware/ExactSearch No disinfected C:\Program Files\NaviSearch\bin\nls.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\BullsEye Network\bin\adv.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\BullsEye Network\bin\adx.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_click_wider.swf
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_auto_wider.swf
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_welcome.html
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_welcome1.swf
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\icon.gif
      Spyware:Spyware/BargainBuddy No disinfected C:\Temp\logo.gif
      Adware:Adware/Twain-Tech No disinfected C:\! Submit\UAWPXM.EXE
      THANKS AGAIN, thatman! I'll check back in again soon to see what's next.
  20. Here's the first half:
      PANDA SCAN:
      Incident Status Location
      Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\MSCB.DLL
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\NVMS.DLL
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\MSBE.DLL
      Virus:Trj/Imiserv.D Disinfected Operating system
      Adware:Adware/ExactSearch No disinfected C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE
      Adware:Adware/eZula No disinfected Windows Registry
      Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\BullsEye Network
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
      Adware:Adware/Superbar No disinfected Windows Registry
      Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\All Users\Application Data\VBouncer
      Adware:Adware/SideSearch No disinfected Windows Registry
      Adware:Adware/IEPlugin No disinfected C:\WINDOWS\systb.dll
      Adware:Adware/WUpd No disinfected Windows Registry
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\nvms.dll
      Adware:Adware/MyWebSearch No disinfected Windows Registry
      Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\CERES.INF
      Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\upd208.exe
      Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab
      Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.inf]
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.cab[ceres.dll]
      Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.inf
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\DrTemp\ceres.dll
      Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\jao.dll
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\exdl.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\mqexdlm.srg
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\exul.exe
      Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\javexulm.vxd
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\bbchk.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\exclean.exe
      Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\msbe.dll
      Adware:Adware/ExactSearch No disinfected
      Continued in next reply...
  21. It seems that for everything we get rid of, 200 new bad files show up. Totally unfair. I'm going to start looking for a good firewall - if I install one, will it affect what we're doing here? I'll check back with you before I install one. My new Panda scan was too large for one post (again) and follows this post. Here is my new HJT log:
      Logfile of HijackThis v1.99.1
      Scan saved at 10:42:57 AM, on 7/14/2005
      Platform: Windows ME (Win9x 4.90.3000)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\SSDPSRV.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
      C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
      C:\WINDOWS\RUNDLL32.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
      C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
      C:\WINDOWS\SYSTEM\HPOOPM07.EXE
      C:\WINDOWS\RunDLL.exe
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\RUNDLL32.EXE
      C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! Dial
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
      O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
      O4 - HKLM\..\Run: [systemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
      O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
      O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
      O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
      O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
      O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
      O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
      I can never say thank you enough.
  22. OK - I found out that one file called "uawpxm.exe" is causing a BUNCH of trouble for me. I cannot delete this file, because it says it's "Currently in use in Windows." However, when I tried to remove it from my running programs I saw it actually create a NEW exact match file before deleting the original! I tried to delete this file three times, only to watch it regenerate itself! I am almost POSITIVE that this file is causing all of my grief - but it refuses to budge. I'm still infected with ceres - so I think the uawpxm.exe file is allowing this. Housecall found six items on my PC. It allowed me to delete three items. Housecall cannot delete the files below - and says they are “currently in use.”
      TROJ DLOADER Non Cleanable C:\WINDOWS\SYSTEM\uawpxm.exe
      TROJ CLICKER.AD Non Cleanable C:\_RESTORE\TEMP\AUNPS2.0
      TROJ REVOP.F Non Cleanable C:\RESTORE\ARCHIVE\FS453.CAB*W0065530.CPY*
      Logfile of HijackThis v1.99.1
      Scan saved at 4:56:10 PM, on 7/13/2005
      Platform: Windows ME (Win9x 4.90.3000)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\SSDPSRV.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
      C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
      C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
      C:\WINDOWS\SYSTEM\HPOOPM07.EXE
      C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\WINDOWS\RunDLL.exe
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPODEV07.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOEVM07.EXE
      C:\WINDOWS\SYSTEM\HPOIPM07.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOSTS07.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET V SERIES\BIN\HPOFXM07.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\WUAUCLT.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      C:\WINDOWS\SYSTEM\UAWPXM.EXE
      C:\WINDOWS\SYSTEM\HIDSERV.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! Dial
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_5_7_0.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
      O4 - HKLM\..\Run: [systemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [uawpxm] c:\windows\system\uawpxm.exe
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
      O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
      O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp officejet v series\bin\hpodev07.exe
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
      O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
      O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
      O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
      O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
      O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/:f...red:/asinst.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
      PANDA SCAN:
      Incident Status Location
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
      Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\SYSTEM\UAWPXM.EXE
      Adware:Adware/Twain-Tech No disinfected c:\WINDOWS\SYSTEM\UAWPXM.EXE
      Adware:Adware/eZula No disinfected Windows Registry
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
      Adware:Adware/Superbar No disinfected Windows Registry
      Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\All Users\Application Data\VBouncer
      Adware:Adware/SideSearch No disinfected Windows Registry
      Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.???
      Adware:Adware/Transponder No disinfected Windows Registry
      Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
      Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
      Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\jao.dll
      Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\SYSTEM\uawpxm.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\thnall5c[1].exe
      Adware:Adware/PortalScan No disinfected C:\WINDOWS\Temporary Internet Files\InstallAPS.exe
      Adware:Adware/AdBehavior No disinfected C:\unzipped\hijackthis\backups\backup-20050712-105652-142-cknu.exe
      Spyware:Spyware/BetterInet No disinfected C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll
      Adware:Adware/BookedSpace No disinfected C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll
      Spyware:Spyware/BetterInet No disinfected C:\Recycled\Dc47.exe
      Spyware:Spyware/BetterInet No disinfected C:\Recycled\Dc48.cab
      Adware:Adware/Transponder No disinfected C:\Recycled\Dc48.cab[ceres.inf]
      Spyware:Spyware/BetterInet No disinfected C:\Recycled\Dc48.cab[ceres.dll]
      Adware:Adware/Transponder No disinfected C:\Recycled\Dc49.inf
      Spyware:Spyware/BetterInet No disinfected C:\Recycled\Dc50.dll
      Adware:Adware/Transponder No disinfected C:\Recycled\Dc51.INF
      Adware:Adware/AdDestroyer No disinfected C:\Recycled\Dc53.dll
      Adware:Adware/AdDestroyer No disinfected C:\Recycled\Dc54.dll
      Thanks once again thatman, and I'll log in again soon to see the next steps.
  23. Here is the remaining Panda scan log:
      Adware:Adware/AdBehavior No disinfected C:\WINDOWS\SYSTEM\supdate.dll
      Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\SYSTEM\SWLAD1.dll
      Adware:Adware/Midaddle No disinfected C:\WINDOWS\SYSTEM\area.exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\AppWrap[1].exe
      Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\wupdt[1].exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\abiuninst[1].exe
      Adware:Adware/Envolo No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\AutoUpdaterInstaller[1].exe
      Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\polall5c[1].exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab
      Adware:Adware/Transponder No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab[ceres.inf]
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\ceres[1].cab[ceres.dll]
      Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\polall5c[1].exe
      Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\thnall5c[1].exe
      Adware:Adware/PortalScan No disinfected C:\WINDOWS\Temporary Internet Files\InstallAPS.exe
      Adware:Adware/QoolAid No disinfected C:\WINDOWS\qnbxdoq.exe
      Adware:Adware/AdBehavior No disinfected C:\WINDOWS\vwugi.dll
      Adware:Adware/AdBehavior No disinfected C:\WINDOWS\yapgw.dat
      Adware:Adware/BookedSpace No disinfected C:\WINDOWS\tbzxkovq.exe
      Adware:Adware/BookedSpace No disinfected C:\WINDOWS\xkuzqtem.exe
      Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
      Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.dll
      Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe
      Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
      Adware:Adware/AdBehavior No disinfected C:\WINDOWS\cprynuc.dll
      Adware:Adware/AdBehavior No disinfected C:\WINDOWS\ujrlhm.exe
      Adware:Adware/AdBehavior No disinfected C:\unzipped\hijackthis\backups\backup-20050712-105652-142-cknu.exe
      Adware:Adware/Apropos No disinfected C:\Recycled\Dc7\ProxyStub.dll
      Adware:Adware/AdDestroyer No disinfected C:\Program Files\VBouncer\BundleOuter.EXE
      Adware:Adware/VirtualBouncer No disinfected C:\Program Files\VBouncer\VBouncerInner.EXE
      Adware:Adware/AdDestroyer No disinfected C:\Program Files\VBouncer\AdDestroyerInner.EXE
      Adware:Adware/VirtualBouncer No disinfected C:\Program Files\VBouncer\VirtualBouncer.exe
      Adware:Adware/AdDestroyer No disinfected C:\Program Files\AdDestroyer\AdDestroyer.exe
      Adware:Adware/CWS.AAA No disinfected C:\cruysc.exe
      Thank you SO MUCH for your time. I'm sorry to cause so much trouble. I'll check in again soon. Thank you, Amo
  24. PLEASE NOTICE: This log is in two parts as it was too large for one post. Here is HALF of my new Panda log: To be continued in following thread.
  25. Hi thatman, Oh no. After completing the last set of instructions, I've been getting A LOT of pop-ups. Something called "Ad Destroyer" is now on my PC and something else called "Virtual Bouncer". Also, Ceres is back. Panda Scan was doing fine - everything seemed to be getting removed - but this time the scan found even more viruses - so many in fact, that I can not post both reports on this thread. I can't believe people put this horrible junk on other people's computers. I'm sure I followed the directions as you requested - I don't know what happened. I'm sorry to be causing so much trouble, and I sincerely thank you for your help, thatman. Am I doing something wrong? Here is my new HJT log - the new Panda log follows in my next post: Logfile of HijackThis v1.99.1 Scan saved at 2:12:06 PM, on 7/12/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Please read my following post for my new Panda scan. Thank you.