Help! Scared to fix problems... which are bad?
Here's my log... which ones do I hit fix for? (PS I know my computer should prolly be dead right now....)
Logfile of HijackThis v1.98.2
Scan saved at 6:44:35 PM, on 11/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IEPH32.EXE
C:\WINDOWS\SYSTEM\MSPT.EXE
C:\WINDOWS\IEQD.EXE
C:\WINDOWS\SDKLS.EXE
C:\WINDOWS\NTPF.EXE
C:\WINDOWS\MFCLT32.EXE
C:\WINDOWS\SYSTEM\NETQN.EXE
C:\WINDOWS\SYSTEM\IPGH32.EXE
C:\WINDOWS\NETTR32.EXE
C:\WINDOWS\NTSS32.EXE
C:\WINDOWS\SYSTEM\ADDII.EXE
C:\WINDOWS\SYSTEM\ATLHY32.EXE
C:\WINDOWS\SYSTEM\IEEW.EXE
C:\WINDOWS\SDKUK.EXE
C:\WINDOWS\SYSTEM\APPAI32.EXE
C:\WINDOWS\JAVAOV.EXE
C:\WINDOWS\JAVAHB32.EXE
C:\WINDOWS\SDKNI.EXE
C:\WINDOWS\SYSTEM\ADDSY32.EXE
C:\WINDOWS\ATLBD.EXE
C:\WINDOWS\SYSTEM\SYSDV32.EXE
C:\WINDOWS\MSBA32.EXE
C:\WINDOWS\IPUJ32.EXE
C:\WINDOWS\SYSTEM\JAVAIC32.EXE
C:\WINDOWS\SYSTEM\APPME32.EXE
C:\WINDOWS\SYSTEM\APIEP32.EXE
C:\WINDOWS\SDKJR32.EXE
C:\WINDOWS\IPVF32.EXE
C:\WINDOWS\SYSTEM\APIHH.EXE
C:\WINDOWS\SYSTEM\APISJ32.EXE
C:\WINDOWS\SYSTEM\APPNO.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\ADDGB32.EXE
C:\WINDOWS\NTNQ.EXE
C:\WINDOWS\SYSTEM\IEHC.EXE
C:\WINDOWS\SYSTEM\CRUI32.EXE
C:\WINDOWS\SYSTEM\MSWX32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\SYSTEM\ADDRS32.EXE
C:\WINDOWS\SYSTEM\D3WJ.EXE
C:\WINDOWS\D3MC.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\WINRM.EXE
C:\WINDOWS\ADDSI.EXE
C:\WINDOWS\SYSTEM\APIHH32.EXE
C:\WINDOWS\IEVD32.EXE
C:\WINDOWS\SYSTEM\MFCBP32.EXE
C:\WINDOWS\APIXR.EXE
C:\WINDOWS\MFCFE.EXE
C:\WINDOWS\SYSTEM\ADDUG.EXE
C:\WINDOWS\SYSTEM\WINYV32.EXE
C:\WINDOWS\JAVACG32.EXE
C:\WINDOWS\SYSTEM\APIPG32.EXE
C:\WINDOWS\SYSTEM\WINFN32.EXE
C:\WINDOWS\ADDVN32.EXE
C:\WINDOWS\SYSTEM\MSVU32.EXE
C:\WINDOWS\SYSTEM\IEDI32.EXE
C:\WINDOWS\CRHM32.EXE
C:\WINDOWS\APINB32.EXE
C:\WINDOWS\APIJV32.EXE
C:\WINDOWS\SYSTEM\JAVAPH32.EXE
C:\WINDOWS\SYSLC32.EXE
C:\WINDOWS\ADDMJ32.EXE
C:\WINDOWS\SYSTEM\SYSNV32.EXE
C:\WINDOWS\APIAB.EXE
C:\WINDOWS\SYSTEM\SYSUQ.EXE
C:\WINDOWS\JAVAXG32.EXE
C:\WINDOWS\SYSTEM\IECF32.EXE
C:\WINDOWS\SYSTEM\D3XQ.EXE
C:\WINDOWS\APIMD.EXE
C:\WINDOWS\SYSTEM\MSFW.EXE
C:\WINDOWS\SDKWC32.EXE
C:\WINDOWS\MSYV.EXE
C:\WINDOWS\NETZY32.EXE
C:\WINDOWS\APPIG.EXE
C:\WINDOWS\MSRK32.EXE
C:\WINDOWS\SYSTEM\NTAZ32.EXE
C:\WINDOWS\MFCOX32.EXE
C:\WINDOWS\IECD32.EXE
C:\WINDOWS\SYSTEM\JAVACH.EXE
C:\WINDOWS\SYSTEM\NTKD.EXE
C:\WINDOWS\SYSTEM\ADDUD.EXE
C:\WINDOWS\NETGF.EXE
C:\WINDOWS\WINMN32.EXE
C:\WINDOWS\IEYX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\EGNNQV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\IEAJ32.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\CRRZ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\SYSTEM\IPIP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.humorsearch.com/cgi-bin/humorsearch.cgi?terms=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {65684572-8761-2FA0-1CA3-0786CDC7F986} - C:\WINDOWS\SYSTEM\MSCP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [NTPF.EXE] C:\WINDOWS\NTPF.EXE
O4 - HKLM\..\RunServices: [SDKLS.EXE] C:\WINDOWS\SDKLS.EXE
O4 - HKLM\..\RunServices: [IEQD.EXE] C:\WINDOWS\IEQD.EXE
O4 - HKLM\..\RunServices: [IEPH32.EXE] C:\WINDOWS\SYSTEM\IEPH32.EXE
O4 - HKLM\..\RunServices: [NETQN.EXE] C:\WINDOWS\SYSTEM\NETQN.EXE
O4 - HKLM\..\RunServices: [MFCLT32.EXE] C:\WINDOWS\MFCLT32.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\NETTR32.EXE
O4 - HKLM\..\RunServices: [MSPT.EXE] C:\WINDOWS\SYSTEM\MSPT.EXE
O4 - HKLM\..\RunServices: [NTSS32.EXE] C:\WINDOWS\NTSS32.EXE
O4 - HKLM\..\RunServices: [IPGH32.EXE] C:\WINDOWS\SYSTEM\IPGH32.EXE
O4 - HKLM\..\RunServices: [ADDII.EXE] C:\WINDOWS\SYSTEM\ADDII.EXE
O4 - HKLM\..\RunServices: [ATLHY32.EXE] C:\WINDOWS\SYSTEM\ATLHY32.EXE
O4 - HKLM\..\RunServices: [IEEW.EXE] C:\WINDOWS\SYSTEM\IEEW.EXE
O4 - HKLM\..\RunServices: [SDKUK.EXE] C:\WINDOWS\SDKUK.EXE
O4 - HKLM\..\RunServices: [JAVAOV.EXE] C:\WINDOWS\JAVAOV.EXE
O4 - HKLM\..\RunServices: [APPAI32.EXE] C:\WINDOWS\SYSTEM\APPAI32.EXE
O4 - HKLM\..\RunServices: [JAVAHB32.EXE] C:\WINDOWS\JAVAHB32.EXE
O4 - HKLM\..\RunServices: [SDKNI.EXE] C:\WINDOWS\SDKNI.EXE
O4 - HKLM\..\RunServices: [SYSDV32.EXE] C:\WINDOWS\SYSTEM\SYSDV32.EXE
O4 - HKLM\..\RunServices: [ATLBD.EXE] C:\WINDOWS\ATLBD.EXE
O4 - HKLM\..\RunServices: [MSBA32.EXE] C:\WINDOWS\MSBA32.EXE
O4 - HKLM\..\RunServices: [ADDSY32.EXE] C:\WINDOWS\SYSTEM\ADDSY32.EXE
O4 - HKLM\..\RunServices: [JAVAIC32.EXE] C:\WINDOWS\SYSTEM\JAVAIC32.EXE
O4 - HKLM\..\RunServices: [IPUJ32.EXE] C:\WINDOWS\IPUJ32.EXE
O4 - HKLM\..\RunServices: [APPME32.EXE] C:\WINDOWS\SYSTEM\APPME32.EXE
O4 - HKLM\..\RunServices: [IPVF32.EXE] C:\WINDOWS\IPVF32.EXE
O4 - HKLM\..\RunServices: [APIEP32.EXE] C:\WINDOWS\SYSTEM\APIEP32.EXE
O4 - HKLM\..\RunServices: [SDKJR32.EXE] C:\WINDOWS\SDKJR32.EXE
O4 - HKLM\..\RunServices: [APIHH.EXE] C:\WINDOWS\SYSTEM\APIHH.EXE
O4 - HKLM\..\RunServices: [APPNO.EXE] C:\WINDOWS\SYSTEM\APPNO.EXE
O4 - HKLM\..\RunServices: [CRRZ.EXE] C:\WINDOWS\CRRZ.EXE
O4 - HKLM\..\RunServices: [APISJ32.EXE] C:\WINDOWS\SYSTEM\APISJ32.EXE
O4 - HKLM\..\RunServices: [ADDGB32.EXE] C:\WINDOWS\ADDGB32.EXE
O4 - HKLM\..\RunServices: [NTNQ.EXE] C:\WINDOWS\NTNQ.EXE
O4 - HKLM\..\RunServices: [IEHC.EXE] C:\WINDOWS\SYSTEM\IEHC.EXE
O4 - HKLM\..\RunServices: [CRUI32.EXE] C:\WINDOWS\SYSTEM\CRUI32.EXE
O4 - HKLM\..\RunServices: [MSWX32.EXE] C:\WINDOWS\SYSTEM\MSWX32.EXE
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE
O4 - HKLM\..\RunServices: [D3QX.EXE] C:\WINDOWS\D3QX.EXE
O4 - HKLM\..\RunServices: [ADDRS32.EXE] C:\WINDOWS\SYSTEM\ADDRS32.EXE
O4 - HKLM\..\RunServices: [D3WJ.EXE] C:\WINDOWS\SYSTEM\D3WJ.EXE
O4 - HKLM\..\RunServices: [D3MC.EXE] C:\WINDOWS\D3MC.EXE
O4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\WINRM.EXE
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE
O4 - HKLM\..\RunServices: [ADDSI.EXE] C:\WINDOWS\ADDSI.EXE
O4 - HKLM\..\RunServices: [APIHH32.EXE] C:\WINDOWS\SYSTEM\APIHH32.EXE
O4 - HKLM\..\RunServices: [IEVD32.EXE] C:\WINDOWS\IEVD32.EXE
O4 - HKLM\..\RunServices: [APIXR.EXE] C:\WINDOWS\APIXR.EXE
O4 - HKLM\..\RunServices: [MFCBP32.EXE] C:\WINDOWS\SYSTEM\MFCBP32.EXE
O4 - HKLM\..\RunServices: [MFCFE.EXE] C:\WINDOWS\MFCFE.EXE
O4 - HKLM\..\RunServices: [ADDUG.EXE] C:\WINDOWS\SYSTEM\ADDUG.EXE
O4 - HKLM\..\RunServices: [WINYV32.EXE] C:\WINDOWS\SYSTEM\WINYV32.EXE
O4 - HKLM\..\RunServices: [JAVACG32.EXE] C:\WINDOWS\JAVACG32.EXE
O4 - HKLM\..\RunServices: [APIPG32.EXE] C:\WINDOWS\SYSTEM\APIPG32.EXE
O4 - HKLM\..\RunServices: [WINFN32.EXE] C:\WINDOWS\SYSTEM\WINFN32.EXE
O4 - HKLM\..\RunServices: [MSVU32.EXE] C:\WINDOWS\SYSTEM\MSVU32.EXE
O4 - HKLM\..\RunServices: [ADDVN32.EXE] C:\WINDOWS\ADDVN32.EXE
O4 - HKLM\..\RunServices: [IEDI32.EXE] C:\WINDOWS\SYSTEM\IEDI32.EXE
O4 - HKLM\..\RunServices: [CRHM32.EXE] C:\WINDOWS\CRHM32.EXE
O4 - HKLM\..\RunServices: [APINB32.EXE] C:\WINDOWS\APINB32.EXE
O4 - HKLM\..\RunServices: [APIJV32.EXE] C:\WINDOWS\APIJV32.EXE
O4 - HKLM\..\RunServices: [JAVAPH32.EXE] C:\WINDOWS\SYSTEM\JAVAPH32.EXE
O4 - HKLM\..\RunServices: [SYSLC32.EXE] C:\WINDOWS\SYSLC32.EXE
O4 - HKLM\..\RunServices: [ADDMJ32.EXE] C:\WINDOWS\ADDMJ32.EXE
O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
O4 - HKLM\..\RunServices: [APIAB.EXE] C:\WINDOWS\APIAB.EXE
O4 - HKLM\..\RunServices: [SYSNV32.EXE] C:\WINDOWS\SYSTEM\SYSNV32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [IECF32.EXE] C:\WINDOWS\SYSTEM\IECF32.EXE
O4 - HKLM\..\RunServices: [D3XQ.EXE] C:\WINDOWS\SYSTEM\D3XQ.EXE
O4 - HKLM\..\RunServices: [MSFW.EXE] C:\WINDOWS\SYSTEM\MSFW.EXE
O4 - HKLM\..\RunServices: [SDKWC32.EXE] C:\WINDOWS\SDKWC32.EXE
O4 - HKLM\..\RunServices: [APIMD.EXE] C:\WINDOWS\APIMD.EXE
O4 - HKLM\..\RunServices: [MSYV.EXE] C:\WINDOWS\MSYV.EXE
O4 - HKLM\..\RunServices: [NETZY32.EXE] C:\WINDOWS\NETZY32.EXE
O4 - HKLM\..\RunServices: [APPIG.EXE] C:\WINDOWS\APPIG.EXE
O4 - HKLM\..\RunServices: [MSRK32.EXE] C:\WINDOWS\MSRK32.EXE
O4 - HKLM\..\RunServices: [NTAZ32.EXE] C:\WINDOWS\SYSTEM\NTAZ32.EXE
O4 - HKLM\..\RunServices: [IECD32.EXE] C:\WINDOWS\IECD32.EXE
O4 - HKLM\..\RunServices: [MFCOX32.EXE] C:\WINDOWS\MFCOX32.EXE
O4 - HKLM\..\RunServices: [JAVACH.EXE] C:\WINDOWS\SYSTEM\JAVACH.EXE
O4 - HKLM\..\RunServices: [NTKD.EXE] C:\WINDOWS\SYSTEM\NTKD.EXE
O4 - HKLM\..\RunServices: [ADDUD.EXE] C:\WINDOWS\SYSTEM\ADDUD.EXE
O4 - HKLM\..\RunServices: [NETGF.EXE] C:\WINDOWS\NETGF.EXE
O4 - HKLM\..\RunServices: [WINMN32.EXE] C:\WINDOWS\WINMN32.EXE
O4 - HKLM\..\RunServices: [IEYX.EXE] C:\WINDOWS\IEYX.EXE
O4 - HKLM\..\RunServices: [IEAJ32.EXE] C:\WINDOWS\IEAJ32.EXE
O4 - HKLM\..\RunServices: [IPIP.EXE] C:\WINDOWS\SYSTEM\IPIP.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Kstcmjn] C:\WINDOWS\SYSTEM\egnnqv.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
Thank you for whatever help you can give.... my computer's performance is soooo slow and I think it is because of Home Search Assistant.... or whatever else is around on my computer!
~Katie~
Logfile of HijackThis v1.98.2
Scan saved at 6:44:35 PM, on 11/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IEPH32.EXE
C:\WINDOWS\SYSTEM\MSPT.EXE
C:\WINDOWS\IEQD.EXE
C:\WINDOWS\SDKLS.EXE
C:\WINDOWS\NTPF.EXE
C:\WINDOWS\MFCLT32.EXE
C:\WINDOWS\SYSTEM\NETQN.EXE
C:\WINDOWS\SYSTEM\IPGH32.EXE
C:\WINDOWS\NETTR32.EXE
C:\WINDOWS\NTSS32.EXE
C:\WINDOWS\SYSTEM\ADDII.EXE
C:\WINDOWS\SYSTEM\ATLHY32.EXE
C:\WINDOWS\SYSTEM\IEEW.EXE
C:\WINDOWS\SDKUK.EXE
C:\WINDOWS\SYSTEM\APPAI32.EXE
C:\WINDOWS\JAVAOV.EXE
C:\WINDOWS\JAVAHB32.EXE
C:\WINDOWS\SDKNI.EXE
C:\WINDOWS\SYSTEM\ADDSY32.EXE
C:\WINDOWS\ATLBD.EXE
C:\WINDOWS\SYSTEM\SYSDV32.EXE
C:\WINDOWS\MSBA32.EXE
C:\WINDOWS\IPUJ32.EXE
C:\WINDOWS\SYSTEM\JAVAIC32.EXE
C:\WINDOWS\SYSTEM\APPME32.EXE
C:\WINDOWS\SYSTEM\APIEP32.EXE
C:\WINDOWS\SDKJR32.EXE
C:\WINDOWS\IPVF32.EXE
C:\WINDOWS\SYSTEM\APIHH.EXE
C:\WINDOWS\SYSTEM\APISJ32.EXE
C:\WINDOWS\SYSTEM\APPNO.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\ADDGB32.EXE
C:\WINDOWS\NTNQ.EXE
C:\WINDOWS\SYSTEM\IEHC.EXE
C:\WINDOWS\SYSTEM\CRUI32.EXE
C:\WINDOWS\SYSTEM\MSWX32.EXE
C:\WINDOWS\IETE32.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\SYSTEM\ADDRS32.EXE
C:\WINDOWS\SYSTEM\D3WJ.EXE
C:\WINDOWS\D3MC.EXE
C:\WINDOWS\SYSTEM\CROY32.EXE
C:\WINDOWS\WINRM.EXE
C:\WINDOWS\ADDSI.EXE
C:\WINDOWS\SYSTEM\APIHH32.EXE
C:\WINDOWS\IEVD32.EXE
C:\WINDOWS\SYSTEM\MFCBP32.EXE
C:\WINDOWS\APIXR.EXE
C:\WINDOWS\MFCFE.EXE
C:\WINDOWS\SYSTEM\ADDUG.EXE
C:\WINDOWS\SYSTEM\WINYV32.EXE
C:\WINDOWS\JAVACG32.EXE
C:\WINDOWS\SYSTEM\APIPG32.EXE
C:\WINDOWS\SYSTEM\WINFN32.EXE
C:\WINDOWS\ADDVN32.EXE
C:\WINDOWS\SYSTEM\MSVU32.EXE
C:\WINDOWS\SYSTEM\IEDI32.EXE
C:\WINDOWS\CRHM32.EXE
C:\WINDOWS\APINB32.EXE
C:\WINDOWS\APIJV32.EXE
C:\WINDOWS\SYSTEM\JAVAPH32.EXE
C:\WINDOWS\SYSLC32.EXE
C:\WINDOWS\ADDMJ32.EXE
C:\WINDOWS\SYSTEM\SYSNV32.EXE
C:\WINDOWS\APIAB.EXE
C:\WINDOWS\SYSTEM\SYSUQ.EXE
C:\WINDOWS\JAVAXG32.EXE
C:\WINDOWS\SYSTEM\IECF32.EXE
C:\WINDOWS\SYSTEM\D3XQ.EXE
C:\WINDOWS\APIMD.EXE
C:\WINDOWS\SYSTEM\MSFW.EXE
C:\WINDOWS\SDKWC32.EXE
C:\WINDOWS\MSYV.EXE
C:\WINDOWS\NETZY32.EXE
C:\WINDOWS\APPIG.EXE
C:\WINDOWS\MSRK32.EXE
C:\WINDOWS\SYSTEM\NTAZ32.EXE
C:\WINDOWS\MFCOX32.EXE
C:\WINDOWS\IECD32.EXE
C:\WINDOWS\SYSTEM\JAVACH.EXE
C:\WINDOWS\SYSTEM\NTKD.EXE
C:\WINDOWS\SYSTEM\ADDUD.EXE
C:\WINDOWS\NETGF.EXE
C:\WINDOWS\WINMN32.EXE
C:\WINDOWS\IEYX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\EGNNQV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\IEAJ32.EXE
C:\WINDOWS\D3QX.EXE
C:\WINDOWS\CRRZ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\CRRZ.EXE
C:\WINDOWS\SYSTEM\IPIP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\mwojd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.humorsearch.com/cgi-bin/humorsearch.cgi?terms=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {65684572-8761-2FA0-1CA3-0786CDC7F986} - C:\WINDOWS\SYSTEM\MSCP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [NTPF.EXE] C:\WINDOWS\NTPF.EXE
O4 - HKLM\..\RunServices: [SDKLS.EXE] C:\WINDOWS\SDKLS.EXE
O4 - HKLM\..\RunServices: [IEQD.EXE] C:\WINDOWS\IEQD.EXE
O4 - HKLM\..\RunServices: [IEPH32.EXE] C:\WINDOWS\SYSTEM\IEPH32.EXE
O4 - HKLM\..\RunServices: [NETQN.EXE] C:\WINDOWS\SYSTEM\NETQN.EXE
O4 - HKLM\..\RunServices: [MFCLT32.EXE] C:\WINDOWS\MFCLT32.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\NETTR32.EXE
O4 - HKLM\..\RunServices: [MSPT.EXE] C:\WINDOWS\SYSTEM\MSPT.EXE
O4 - HKLM\..\RunServices: [NTSS32.EXE] C:\WINDOWS\NTSS32.EXE
O4 - HKLM\..\RunServices: [IPGH32.EXE] C:\WINDOWS\SYSTEM\IPGH32.EXE
O4 - HKLM\..\RunServices: [ADDII.EXE] C:\WINDOWS\SYSTEM\ADDII.EXE
O4 - HKLM\..\RunServices: [ATLHY32.EXE] C:\WINDOWS\SYSTEM\ATLHY32.EXE
O4 - HKLM\..\RunServices: [IEEW.EXE] C:\WINDOWS\SYSTEM\IEEW.EXE
O4 - HKLM\..\RunServices: [SDKUK.EXE] C:\WINDOWS\SDKUK.EXE
O4 - HKLM\..\RunServices: [JAVAOV.EXE] C:\WINDOWS\JAVAOV.EXE
O4 - HKLM\..\RunServices: [APPAI32.EXE] C:\WINDOWS\SYSTEM\APPAI32.EXE
O4 - HKLM\..\RunServices: [JAVAHB32.EXE] C:\WINDOWS\JAVAHB32.EXE
O4 - HKLM\..\RunServices: [SDKNI.EXE] C:\WINDOWS\SDKNI.EXE
O4 - HKLM\..\RunServices: [SYSDV32.EXE] C:\WINDOWS\SYSTEM\SYSDV32.EXE
O4 - HKLM\..\RunServices: [ATLBD.EXE] C:\WINDOWS\ATLBD.EXE
O4 - HKLM\..\RunServices: [MSBA32.EXE] C:\WINDOWS\MSBA32.EXE
O4 - HKLM\..\RunServices: [ADDSY32.EXE] C:\WINDOWS\SYSTEM\ADDSY32.EXE
O4 - HKLM\..\RunServices: [JAVAIC32.EXE] C:\WINDOWS\SYSTEM\JAVAIC32.EXE
O4 - HKLM\..\RunServices: [IPUJ32.EXE] C:\WINDOWS\IPUJ32.EXE
O4 - HKLM\..\RunServices: [APPME32.EXE] C:\WINDOWS\SYSTEM\APPME32.EXE
O4 - HKLM\..\RunServices: [IPVF32.EXE] C:\WINDOWS\IPVF32.EXE
O4 - HKLM\..\RunServices: [APIEP32.EXE] C:\WINDOWS\SYSTEM\APIEP32.EXE
O4 - HKLM\..\RunServices: [SDKJR32.EXE] C:\WINDOWS\SDKJR32.EXE
O4 - HKLM\..\RunServices: [APIHH.EXE] C:\WINDOWS\SYSTEM\APIHH.EXE
O4 - HKLM\..\RunServices: [APPNO.EXE] C:\WINDOWS\SYSTEM\APPNO.EXE
O4 - HKLM\..\RunServices: [CRRZ.EXE] C:\WINDOWS\CRRZ.EXE
O4 - HKLM\..\RunServices: [APISJ32.EXE] C:\WINDOWS\SYSTEM\APISJ32.EXE
O4 - HKLM\..\RunServices: [ADDGB32.EXE] C:\WINDOWS\ADDGB32.EXE
O4 - HKLM\..\RunServices: [NTNQ.EXE] C:\WINDOWS\NTNQ.EXE
O4 - HKLM\..\RunServices: [IEHC.EXE] C:\WINDOWS\SYSTEM\IEHC.EXE
O4 - HKLM\..\RunServices: [CRUI32.EXE] C:\WINDOWS\SYSTEM\CRUI32.EXE
O4 - HKLM\..\RunServices: [MSWX32.EXE] C:\WINDOWS\SYSTEM\MSWX32.EXE
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE
O4 - HKLM\..\RunServices: [D3QX.EXE] C:\WINDOWS\D3QX.EXE
O4 - HKLM\..\RunServices: [ADDRS32.EXE] C:\WINDOWS\SYSTEM\ADDRS32.EXE
O4 - HKLM\..\RunServices: [D3WJ.EXE] C:\WINDOWS\SYSTEM\D3WJ.EXE
O4 - HKLM\..\RunServices: [D3MC.EXE] C:\WINDOWS\D3MC.EXE
O4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\WINRM.EXE
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE
O4 - HKLM\..\RunServices: [ADDSI.EXE] C:\WINDOWS\ADDSI.EXE
O4 - HKLM\..\RunServices: [APIHH32.EXE] C:\WINDOWS\SYSTEM\APIHH32.EXE
O4 - HKLM\..\RunServices: [IEVD32.EXE] C:\WINDOWS\IEVD32.EXE
O4 - HKLM\..\RunServices: [APIXR.EXE] C:\WINDOWS\APIXR.EXE
O4 - HKLM\..\RunServices: [MFCBP32.EXE] C:\WINDOWS\SYSTEM\MFCBP32.EXE
O4 - HKLM\..\RunServices: [MFCFE.EXE] C:\WINDOWS\MFCFE.EXE
O4 - HKLM\..\RunServices: [ADDUG.EXE] C:\WINDOWS\SYSTEM\ADDUG.EXE
O4 - HKLM\..\RunServices: [WINYV32.EXE] C:\WINDOWS\SYSTEM\WINYV32.EXE
O4 - HKLM\..\RunServices: [JAVACG32.EXE] C:\WINDOWS\JAVACG32.EXE
O4 - HKLM\..\RunServices: [APIPG32.EXE] C:\WINDOWS\SYSTEM\APIPG32.EXE
O4 - HKLM\..\RunServices: [WINFN32.EXE] C:\WINDOWS\SYSTEM\WINFN32.EXE
O4 - HKLM\..\RunServices: [MSVU32.EXE] C:\WINDOWS\SYSTEM\MSVU32.EXE
O4 - HKLM\..\RunServices: [ADDVN32.EXE] C:\WINDOWS\ADDVN32.EXE
O4 - HKLM\..\RunServices: [IEDI32.EXE] C:\WINDOWS\SYSTEM\IEDI32.EXE
O4 - HKLM\..\RunServices: [CRHM32.EXE] C:\WINDOWS\CRHM32.EXE
O4 - HKLM\..\RunServices: [APINB32.EXE] C:\WINDOWS\APINB32.EXE
O4 - HKLM\..\RunServices: [APIJV32.EXE] C:\WINDOWS\APIJV32.EXE
O4 - HKLM\..\RunServices: [JAVAPH32.EXE] C:\WINDOWS\SYSTEM\JAVAPH32.EXE
O4 - HKLM\..\RunServices: [SYSLC32.EXE] C:\WINDOWS\SYSLC32.EXE
O4 - HKLM\..\RunServices: [ADDMJ32.EXE] C:\WINDOWS\ADDMJ32.EXE
O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
O4 - HKLM\..\RunServices: [APIAB.EXE] C:\WINDOWS\APIAB.EXE
O4 - HKLM\..\RunServices: [SYSNV32.EXE] C:\WINDOWS\SYSTEM\SYSNV32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [IECF32.EXE] C:\WINDOWS\SYSTEM\IECF32.EXE
O4 - HKLM\..\RunServices: [D3XQ.EXE] C:\WINDOWS\SYSTEM\D3XQ.EXE
O4 - HKLM\..\RunServices: [MSFW.EXE] C:\WINDOWS\SYSTEM\MSFW.EXE
O4 - HKLM\..\RunServices: [SDKWC32.EXE] C:\WINDOWS\SDKWC32.EXE
O4 - HKLM\..\RunServices: [APIMD.EXE] C:\WINDOWS\APIMD.EXE
O4 - HKLM\..\RunServices: [MSYV.EXE] C:\WINDOWS\MSYV.EXE
O4 - HKLM\..\RunServices: [NETZY32.EXE] C:\WINDOWS\NETZY32.EXE
O4 - HKLM\..\RunServices: [APPIG.EXE] C:\WINDOWS\APPIG.EXE
O4 - HKLM\..\RunServices: [MSRK32.EXE] C:\WINDOWS\MSRK32.EXE
O4 - HKLM\..\RunServices: [NTAZ32.EXE] C:\WINDOWS\SYSTEM\NTAZ32.EXE
O4 - HKLM\..\RunServices: [IECD32.EXE] C:\WINDOWS\IECD32.EXE
O4 - HKLM\..\RunServices: [MFCOX32.EXE] C:\WINDOWS\MFCOX32.EXE
O4 - HKLM\..\RunServices: [JAVACH.EXE] C:\WINDOWS\SYSTEM\JAVACH.EXE
O4 - HKLM\..\RunServices: [NTKD.EXE] C:\WINDOWS\SYSTEM\NTKD.EXE
O4 - HKLM\..\RunServices: [ADDUD.EXE] C:\WINDOWS\SYSTEM\ADDUD.EXE
O4 - HKLM\..\RunServices: [NETGF.EXE] C:\WINDOWS\NETGF.EXE
O4 - HKLM\..\RunServices: [WINMN32.EXE] C:\WINDOWS\WINMN32.EXE
O4 - HKLM\..\RunServices: [IEYX.EXE] C:\WINDOWS\IEYX.EXE
O4 - HKLM\..\RunServices: [IEAJ32.EXE] C:\WINDOWS\IEAJ32.EXE
O4 - HKLM\..\RunServices: [IPIP.EXE] C:\WINDOWS\SYSTEM\IPIP.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Kstcmjn] C:\WINDOWS\SYSTEM\egnnqv.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
Thank you for whatever help you can give.... my computer's performance is soooo slow and I think it is because of Home Search Assistant.... or whatever else is around on my computer!
~Katie~
O4 - HKLM\..\RunServices: [NTPF.EXE] C:\WINDOWS\NTPF.EXE
O4 - HKLM\..\RunServices: [SDKLS.EXE] C:\WINDOWS\SDKLS.EXE
O4 - HKLM\..\RunServices: [IEQD.EXE] C:\WINDOWS\IEQD.EXE
O4 - HKLM\..\RunServices: [IEPH32.EXE] C:\WINDOWS\SYSTEM\IEPH32.EXE
O4 - HKLM\..\RunServices: [NETQN.EXE] C:\WINDOWS\SYSTEM\NETQN.EXE
O4 - HKLM\..\RunServices: [MFCLT32.EXE] C:\WINDOWS\MFCLT32.EXE
O4 - HKLM\..\RunServices: [NETTR32.EXE] C:\WINDOWS\NETTR32.EXE
O4 - HKLM\..\RunServices: [MSPT.EXE] C:\WINDOWS\SYSTEM\MSPT.EXE
O4 - HKLM\..\RunServices: [NTSS32.EXE] C:\WINDOWS\NTSS32.EXE
O4 - HKLM\..\RunServices: [IPGH32.EXE] C:\WINDOWS\SYSTEM\IPGH32.EXE
O4 - HKLM\..\RunServices: [ADDII.EXE] C:\WINDOWS\SYSTEM\ADDII.EXE
O4 - HKLM\..\RunServices: [ATLHY32.EXE] C:\WINDOWS\SYSTEM\ATLHY32.EXE
O4 - HKLM\..\RunServices: [IEEW.EXE] C:\WINDOWS\SYSTEM\IEEW.EXE
O4 - HKLM\..\RunServices: [SDKUK.EXE] C:\WINDOWS\SDKUK.EXE
O4 - HKLM\..\RunServices: [JAVAOV.EXE] C:\WINDOWS\JAVAOV.EXE
O4 - HKLM\..\RunServices: [APPAI32.EXE] C:\WINDOWS\SYSTEM\APPAI32.EXE
O4 - HKLM\..\RunServices: [JAVAHB32.EXE] C:\WINDOWS\JAVAHB32.EXE
O4 - HKLM\..\RunServices: [SDKNI.EXE] C:\WINDOWS\SDKNI.EXE
O4 - HKLM\..\RunServices: [SYSDV32.EXE] C:\WINDOWS\SYSTEM\SYSDV32.EXE
O4 - HKLM\..\RunServices: [ATLBD.EXE] C:\WINDOWS\ATLBD.EXE
O4 - HKLM\..\RunServices: [MSBA32.EXE] C:\WINDOWS\MSBA32.EXE
O4 - HKLM\..\RunServices: [ADDSY32.EXE] C:\WINDOWS\SYSTEM\ADDSY32.EXE
O4 - HKLM\..\RunServices: [JAVAIC32.EXE] C:\WINDOWS\SYSTEM\JAVAIC32.EXE
O4 - HKLM\..\RunServices: [IPUJ32.EXE] C:\WINDOWS\IPUJ32.EXE
O4 - HKLM\..\RunServices: [APPME32.EXE] C:\WINDOWS\SYSTEM\APPME32.EXE
O4 - HKLM\..\RunServices: [IPVF32.EXE] C:\WINDOWS\IPVF32.EXE
O4 - HKLM\..\RunServices: [APIEP32.EXE] C:\WINDOWS\SYSTEM\APIEP32.EXE
O4 - HKLM\..\RunServices: [SDKJR32.EXE] C:\WINDOWS\SDKJR32.EXE
O4 - HKLM\..\RunServices: [APIHH.EXE] C:\WINDOWS\SYSTEM\APIHH.EXE
O4 - HKLM\..\RunServices: [APPNO.EXE] C:\WINDOWS\SYSTEM\APPNO.EXE
O4 - HKLM\..\RunServices: [CRRZ.EXE] C:\WINDOWS\CRRZ.EXE
O4 - HKLM\..\RunServices: [APISJ32.EXE] C:\WINDOWS\SYSTEM\APISJ32.EXE
O4 - HKLM\..\RunServices: [ADDGB32.EXE] C:\WINDOWS\ADDGB32.EXE
O4 - HKLM\..\RunServices: [NTNQ.EXE] C:\WINDOWS\NTNQ.EXE
O4 - HKLM\..\RunServices: [IEHC.EXE] C:\WINDOWS\SYSTEM\IEHC.EXE
O4 - HKLM\..\RunServices: [CRUI32.EXE] C:\WINDOWS\SYSTEM\CRUI32.EXE
O4 - HKLM\..\RunServices: [MSWX32.EXE] C:\WINDOWS\SYSTEM\MSWX32.EXE
O4 - HKLM\..\RunServices: [IETE32.EXE] C:\WINDOWS\IETE32.EXE
O4 - HKLM\..\RunServices: [D3QX.EXE] C:\WINDOWS\D3QX.EXE
O4 - HKLM\..\RunServices: [ADDRS32.EXE] C:\WINDOWS\SYSTEM\ADDRS32.EXE
O4 - HKLM\..\RunServices: [D3WJ.EXE] C:\WINDOWS\SYSTEM\D3WJ.EXE
O4 - HKLM\..\RunServices: [D3MC.EXE] C:\WINDOWS\D3MC.EXE
O4 - HKLM\..\RunServices: [WINRM.EXE] C:\WINDOWS\WINRM.EXE
O4 - HKLM\..\RunServices: [CROY32.EXE] C:\WINDOWS\SYSTEM\CROY32.EXE
O4 - HKLM\..\RunServices: [ADDSI.EXE] C:\WINDOWS\ADDSI.EXE
O4 - HKLM\..\RunServices: [APIHH32.EXE] C:\WINDOWS\SYSTEM\APIHH32.EXE
O4 - HKLM\..\RunServices: [IEVD32.EXE] C:\WINDOWS\IEVD32.EXE
O4 - HKLM\..\RunServices: [APIXR.EXE] C:\WINDOWS\APIXR.EXE
O4 - HKLM\..\RunServices: [MFCBP32.EXE] C:\WINDOWS\SYSTEM\MFCBP32.EXE
O4 - HKLM\..\RunServices: [MFCFE.EXE] C:\WINDOWS\MFCFE.EXE
O4 - HKLM\..\RunServices: [ADDUG.EXE] C:\WINDOWS\SYSTEM\ADDUG.EXE
O4 - HKLM\..\RunServices: [WINYV32.EXE] C:\WINDOWS\SYSTEM\WINYV32.EXE
O4 - HKLM\..\RunServices: [JAVACG32.EXE] C:\WINDOWS\JAVACG32.EXE
O4 - HKLM\..\RunServices: [APIPG32.EXE] C:\WINDOWS\SYSTEM\APIPG32.EXE
O4 - HKLM\..\RunServices: [WINFN32.EXE] C:\WINDOWS\SYSTEM\WINFN32.EXE
O4 - HKLM\..\RunServices: [MSVU32.EXE] C:\WINDOWS\SYSTEM\MSVU32.EXE
O4 - HKLM\..\RunServices: [ADDVN32.EXE] C:\WINDOWS\ADDVN32.EXE
O4 - HKLM\..\RunServices: [IEDI32.EXE] C:\WINDOWS\SYSTEM\IEDI32.EXE
O4 - HKLM\..\RunServices: [CRHM32.EXE] C:\WINDOWS\CRHM32.EXE
O4 - HKLM\..\RunServices: [APINB32.EXE] C:\WINDOWS\APINB32.EXE
O4 - HKLM\..\RunServices: [APIJV32.EXE] C:\WINDOWS\APIJV32.EXE
O4 - HKLM\..\RunServices: [JAVAPH32.EXE] C:\WINDOWS\SYSTEM\JAVAPH32.EXE
O4 - HKLM\..\RunServices: [SYSLC32.EXE] C:\WINDOWS\SYSLC32.EXE
O4 - HKLM\..\RunServices: [ADDMJ32.EXE] C:\WINDOWS\ADDMJ32.EXE
O4 - HKLM\..\RunServices: [JAVAXG32.EXE] C:\WINDOWS\JAVAXG32.EXE
O4 - HKLM\..\RunServices: [APIAB.EXE] C:\WINDOWS\APIAB.EXE
O4 - HKLM\..\RunServices: [SYSNV32.EXE] C:\WINDOWS\SYSTEM\SYSNV32.EXE
O4 - HKLM\..\RunServices: [SYSUQ.EXE] C:\WINDOWS\SYSTEM\SYSUQ.EXE
O4 - HKLM\..\RunServices: [IECF32.EXE] C:\WINDOWS\SYSTEM\IECF32.EXE
O4 - HKLM\..\RunServices: [D3XQ.EXE] C:\WINDOWS\SYSTEM\D3XQ.EXE
O4 - HKLM\..\RunServices: [MSFW.EXE] C:\WINDOWS\SYSTEM\MSFW.EXE
O4 - HKLM\..\RunServices: [SDKWC32.EXE] C:\WINDOWS\SDKWC32.EXE
O4 - HKLM\..\RunServices: [APIMD.EXE] C:\WINDOWS\APIMD.EXE
O4 - HKLM\..\RunServices: [MSYV.EXE] C:\WINDOWS\MSYV.EXE
O4 - HKLM\..\RunServices: [NETZY32.EXE] C:\WINDOWS\NETZY32.EXE
O4 - HKLM\..\RunServices: [APPIG.EXE] C:\WINDOWS\APPIG.EXE
O4 - HKLM\..\RunServices: [MSRK32.EXE] C:\WINDOWS\MSRK32.EXE
O4 - HKLM\..\RunServices: [NTAZ32.EXE] C:\WINDOWS\SYSTEM\NTAZ32.EXE
O4 - HKLM\..\RunServices: [IECD32.EXE] C:\WINDOWS\IECD32.EXE
O4 - HKLM\..\RunServices: [MFCOX32.EXE] C:\WINDOWS\MFCOX32.EXE
O4 - HKLM\..\RunServices: [JAVACH.EXE] C:\WINDOWS\SYSTEM\JAVACH.EXE
O4 - HKLM\..\RunServices: [NTKD.EXE] C:\WINDOWS\SYSTEM\NTKD.EXE
O4 - HKLM\..\RunServices: [ADDUD.EXE] C:\WINDOWS\SYSTEM\ADDUD.EXE
O4 - HKLM\..\RunServices: [NETGF.EXE] C:\WINDOWS\NETGF.EXE
O4 - HKLM\..\RunServices: [WINMN32.EXE] C:\WINDOWS\WINMN32.EXE
O4 - HKLM\..\RunServices: [IEYX.EXE] C:\WINDOWS\IEYX.EXE
O4 - HKLM\..\RunServices: [IEAJ32.EXE] C:\WINDOWS\IEAJ32.EXE
O4 - HKLM\..\RunServices: [IPIP.EXE] C:\WINDOWS\SYSTEM\IPIP.EXE
We'll start with that. Fix those entries, then find and delete those files. This won't completely fix the problem, but it will definitely help with the computer's performance. Once you've done that, pull the plug out of the computer instead of shutting down normally, and post a new log.
Also, do not reboot normally or use Internet Explorer (use Mozilla or Firefox instead) until I say your log is okay.
Here's my new log... some of the files couldn't be deleted...
Thanks a million!
~Katie~
Logfile of HijackThis v1.98.2
Scan saved at 4:54:18 PM, on 11/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\NTRD.EXE
C:\WINDOWS\MSSO.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\NETCK.EXE
C:\WINDOWS\NETUX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\BLSEARCH\HCM.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\EGNNQV.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\APIJV32.EXE
C:\WINDOWS\SYSTEM\WINFN32.EXE
C:\WINDOWS\SYSTEM\IPKK32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.humorsearch.com/cgi-bin/humorsearch.cgi?terms=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {0078391E-5E2C-E562-5F00-073BD75EB9F1} - C:\WINDOWS\MSCM.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [NETUX.EXE] C:\WINDOWS\NETUX.EXE
O4 - HKLM\..\RunServices: [NTRD.EXE] C:\WINDOWS\NTRD.EXE
O4 - HKLM\..\RunServices: [NETCK.EXE] C:\WINDOWS\SYSTEM\NETCK.EXE
O4 - HKLM\..\RunServices: [MSSO.EXE] C:\WINDOWS\MSSO.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [APIJV32.EXE] C:\WINDOWS\APIJV32.EXE
O4 - HKLM\..\RunServices: [WINFN32.EXE] C:\WINDOWS\SYSTEM\WINFN32.EXE
O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Kstcmjn] C:\WINDOWS\SYSTEM\egnnqv.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pbwik.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.humorsearch.com/cgi-bin/...ch.cgi?terms=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [NETUX.EXE] C:\WINDOWS\NETUX.EXE
O4 - HKLM\..\RunServices: [NTRD.EXE] C:\WINDOWS\NTRD.EXE
O4 - HKLM\..\RunServices: [NETCK.EXE] C:\WINDOWS\SYSTEM\NETCK.EXE
O4 - HKLM\..\RunServices: [MSSO.EXE] C:\WINDOWS\MSSO.EXE
O4 - HKLM\..\RunServices: [APIJV32.EXE] C:\WINDOWS\APIJV32.EXE
O4 - HKLM\..\RunServices: [WINFN32.EXE] C:\WINDOWS\SYSTEM\WINFN32.EXE
O4 - HKLM\..\RunServices: [IPKK32.EXE] C:\WINDOWS\SYSTEM\IPKK32.EXE
O4 - HKCU\..\Run: [Kstcmjn] C:\WINDOWS\SYSTEM\egnnqv.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activ...pside_web18.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
Fix those entries, then find and delete the files listed above, then pull the plug and post a new log.
Thanks a million!
~Katie~
Logfile of HijackThis v1.98.2
Scan saved at 4:43:36 PM, on 12/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\MFCSF32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\BLSEARCH\HCM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {EAF849B0-D48F-42B8-2286-38E91D0091E5} - C:\WINDOWS\APIDZ32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [MFCSF32.EXE] C:\WINDOWS\MFCSF32.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
~Katie~
Logfile of HijackThis v1.98.2
Scan saved at 4:17:35 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\MFCSF32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\UPGREPL.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\csine.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\csine.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {EAF849B0-D48F-42B8-2286-38E91D0091E5} - C:\WINDOWS\APIDZ32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [MFCSF32.EXE] C:\WINDOWS\MFCSF32.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bufsd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\csine.dll/sp.html#28129
Fix those entries then find and delete the files listed above along with this one: C:\WINDOWS\MFCSF32.EXE
Then pull the plug and post a new log.
Thanks Again ~Katie~
Logfile of HijackThis v1.98.2
Scan saved at 7:25:14 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\MFCSF32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {EAF849B0-D48F-42B8-2286-38E91D0091E5} - C:\WINDOWS\APIDZ32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [MFCSF32.EXE] C:\WINDOWS\MFCSF32.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
Logfile of HijackThis v1.98.2
Scan saved at 8:43:31 PM, on 12/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\OPTIMUM ONLINE\NETSURF.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {EAF849B0-D48F-42B8-2286-38E91D0091E5} - C:\WINDOWS\APIDZ32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [McAfee Image] C:\Program Files\McAfee\McAfee Shared Components\McAfee Image\image32.exe /auto
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [MFCSF32.EXE] C:\WINDOWS\MFCSF32.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .MID: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .aif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .MUS: C:\PROGRA~1\INTERN~1\PLUGINS\NPFinale.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
now what?
~Katie~