HijackThis log help
I work at a family-owned business, and my brother was the person who did most of the computer-related things before I took over. I know he sat around on the 'net during the day when no one came in, and I'm pretty certain he probably went to several pages he shouldn't have. We're now being plagued with popups... I can leave the computer on and come back 15 minutes later to 15 of them open on the screen. I ran Spybot S&D as well as Ad-Aware, but I'm still getting ads that sporadically pop up everywhere. I'm clueless as to what I might need to check off on my HijackThis log and I don't want to screw something up, so I figured I'd be safe in posting it here for someone to help me out in finding the bad stuff.
Logfile of HijackThis v1.97.7
Scan saved at 11:25:14 AM, on 5/1/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\INTELDEV\DEVSTAT.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LXAMSP32.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\ZQFCZFSYP.EXE
C:\WINDOWS\MUMQDH.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://rd.companion.yahoo.com/slv/ycheck/hp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {F7DCC417-38E1-4659-BE39-2C111C37E4D6} - C:\WINDOWS\TROUUBDH.DLL
O2 - BHO: (no name) - {CA3A4804-8211-405F-8F37-E74B85ABFE34} - C:\WINDOWS\KISB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Intel Device Agent] c:\windows\inteldev\DevStat.exe
O4 - HKLM\..\Run: [Intel Registration] C:\Program Files\Intel\Intel Peripherals\Register\regstart.exe -r
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(1)(2)(1).exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [dtwinq] C:\WINDOWS\zqfczfsyp.exe
O4 - HKLM\..\Run: [rmvoimmz] C:\WINDOWS\mumqdh.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38107.4796296296
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Comments
Get rid of:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {F7DCC417-38E1-4659-BE39-2C111C37E4D6} - C:\WINDOWS\TROUUBDH.DLL
O2 - BHO: (no name) - {CA3A4804-8211-405F-8F37-E74B85ABFE34} - C:\WINDOWS\KISB.DLL
O4 - HKLM\..\Run: [Intel Registration] C:\Program Files\Intel\Intel Peripherals\Register\regstart.exe -r
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(1)(2)(1).exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SQInstaller] C:\PROGRAM FILES\STC\SQ_3394_3222.EXESQInstaller.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [dtwinq] C:\WINDOWS\zqfczfsyp.exe
O4 - HKLM\..\Run: [rmvoimmz] C:\WINDOWS\mumqdh.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet/slot...z-ob-assets.cab
Dexter...
http://toolbar.google.com/
Thank you SO MUCH!!!
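Added example, not part of the thread and not HijackThis code: a small Python triage pass over the R*/O* entry lines of a log like the one posted above, flagging O2 (BHO) and O4 (autorun) entries that deserve a closer look. The three heuristics and the names parse, review_reasons and triage are assumptions of this example; a flag means "review this entry", not a verdict.

```python
import ntpath
import re
from os.path import commonprefix

# Constructed sample: six entry lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {F7DCC417-38E1-4659-BE39-2C111C37E4D6} - C:\WINDOWS\TROUUBDH.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(1)(2)(1).exe
O4 - HKLM\..\Run: [dtwinq] C:\WINDOWS\zqfczfsyp.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
"""

ENTRY = re.compile(r"^([RO]\d+) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
FILE = re.compile(r'^"?(.+?\.(?:exe|dll|ocx))', re.I)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system"}


def parse(log):
    """Yield (section_code, detail) for every R*/O* entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reasons(code, detail):
    """Heuristic reasons to review an entry (assumptions of this example)."""
    reasons = []
    if code == "O2" and (m := BHO.match(detail)):
        name, _clsid, path = m.groups()
        if name == "(no name)" and ntpath.dirname(path).lower() in WINDOWS_DIRS:
            reasons.append("unnamed BHO loaded from the Windows directory")
    elif code == "O4" and (m := RUN.match(detail)):
        value, command = m.groups()
        f = FILE.match(command)  # drop arguments after the executable
        path = (f.group(1) if f else command).lower()
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if "received files" in path:
            reasons.append("autorun points into a received-files folder")
        prefix = commonprefix([re.sub(r"\W", "", value.lower()), stem])
        if ntpath.dirname(path) == r"c:\windows" and len(prefix) < 3:
            reasons.append("value name unrelated to a file in the Windows root")
    return reasons


def triage(log):
    """Map each flagged entry to its reasons; unflagged entries are omitted."""
    result = {f"{c} - {d}": review_reasons(c, d) for c, d in parse(log)}
    return {entry: why for entry, why in result.items() if why}
```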