Annoyances.org

re: need lots of help, spyware, hijackthis log
Friday, March 31, 2006 at 8:09 am
Windows Me Annoyances Discussion Forum
Posted by Jay (15 messages posted)


Hello MrCharlie, thanks again for the help. I've done everything you advised, and am posting a
new HJT log.
Killbox didn't detect any of the files, and I reset my IE. There was another ? I had.
I don't normally use IE for browsing, but whenever I do, after I close it my comp freezes
for about 30 seconds, and works fine after.

Logfile of HijackThis v1.99.1
Scan saved at 10:00:04 AM, on 31/03/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rd99rsfz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rd99rsfz.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O15 - Trusted IP range: 
O15 - Trusted IP range: 
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://nbctv.nbci.com/tonightshow/virtualjay/NBC/install/english/AxPulse.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab







On Thursday, March 30, 2006 at 6:35 pm, MrCharlie wrote:
>
>OK, let's start here:
>Download and unzip the KillBox
>to a folder - we'll use it later.
>
>Reboot into safe mode
>
>You can do this by restarting your computer and continually tapping the F8 key until
>a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
>
>
>Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
>Place a check against the following items:
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
>O1 - Hosts: 255.255.255.255 www.casinoxo.com
>O2 - BHO: (no name) - {00000010-0000-0010-8000-000000000002} - C:\PROGRAM FILES\ANNOTATE.NET\ANNOTATEBHO.DLL (file missing)
>O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
>O2 - BHO: (no name) - {39FF1454-E946-19E6-8753-60550AA12F1C} - C:\WINDOWS\SYSTEM\QPCN.DLL (file missing)
>O3 - Toolbar: &Search - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\SYSTEM\JFI.DLL (file missing)
>O15 - Trusted IP range:
>O15 - Trusted IP range: (HKLM)
>O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
>
>Click on Fix Checked and exit HijackThis.
>
>Now open up the KillBox and copy and paste each one of these in and hit delete, if
>the file exists, it will appear in blue under the window, if not move on to the next
>file.
>
>C:\PROGRAM FILES\ANNOTATE.NET\ANNOTATEBHO.DLL
>C:\PROGRAM FILES\ANNOTATE.NET
>C:\WINDOWS\SYSTEM\NZDD0.DLL
>C:\WINDOWS\SYSTEM\QPCN.DLL
>C:\WINDOWS\SYSTEM\JFI.DLL
>
>Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr.
>Let it scan your system for files to remove. Make sure these 3 are checked and then
>press *ok* to remove:
>
>Temporary Files
>Temporary Internet Files
>Recycle Bin
>
>Reboot and
>
>Open up Internet Explorer, Tools, General Tab, reset your home page to what you
>want, now the Programs Tab, click Reset Web Settings
>That will change everything back to the default settings.
>
>See if you can run the Shredder - I gave you the link to download the files you may
>need.
>
>Reboot and post a fresh HijackThis log and we'll take another look. MrC
>
>PS: gone for tonight
>
>
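
A triage helper for a HijackThis log pasted into a forum, as an added example that is not part of the original thread or of HijackThis: it rejoins entries that were wrapped onto a second line, then lists entries marked "(file missing)" and O16 entries whose download URL uses a bare IP address. Both checks are review heuristics chosen for this example, and the sample is constructed from entries in the log above.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: one process line plus entries taken from the log above, two of them wrapped.
SAMPLE = r"""C:\WINDOWS\EXPLORER.EXE
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL 
(file missing)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com 
(file missing) (HKCU)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # section code, then the entry body
URL = re.compile(r"https?://\S+")

def unwrap(text):
    """Rejoin wrapped entries; return (section_code, body) pairs."""
    entries, open_entry = [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
            open_entry = True
        elif line and open_entry:
            entries[-1][1] += " " + line   # continuation of the previous entry
        else:
            open_entry = False             # blank or non-entry line ends the run
    return [tuple(e) for e in entries]

def host_is_ip(url):
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(text):
    """Return (code, reason, body) for entries worth a manual second look."""
    findings = []
    for code, body in unwrap(text):
        if "(file missing)" in body:
            findings.append((code, "orphaned: target file missing", body))
        if code == "O16" and any(host_is_ip(u) for u in URL.findall(body)):
            findings.append((code, "ActiveX download source is a bare IP", body))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A finding here only means the entry deserves a closer look; it says nothing about whether the entry is malicious.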


