Options
miciel
undefined
Dear SVT Representative,
Thanks for this great free service! I have run Ad-ware and spybot but my problem is not fixed. I am having the same problem as user "Enachi" was on 4-01-05. I read his thread. He was trying to get rid of offeroptimizer and farmmext programs that were sending him pop ups when ever he switched to a new site on the Internet. I am having the same problem. Please Help!
Thank YOU VERY VERY MUCH!!!(please disregard the following logfile and see the one below it which I ran after making sure invisible files were shown.)
Her is my hijackthis thread.
Logfile of HijackThis v1.99.1
Scan saved at 5:50:43 PM, on 4/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlasorthogonality.com/seminars.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {7B481A98-AB27-C48D-0A46-FBCACFD79A9A} - C:\WINDOWS\SYSTEM\UCQS.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
(New Log File)
Logfile of HijackThis v1.99.1
Scan saved at 11:43:35 AM, on 4/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlasorthogonality.com/seminars.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {7B481A98-AB27-C48D-0A46-FBCACFD79A9A} - C:\WINDOWS\SYSTEM\UCQS.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
Dear SVT Representative,
Thanks for this great free service! I have run Ad-ware and spybot but my problem is not fixed. I am having the same problem as user "Enachi" was on 4-01-05. I read his thread. He was trying to get rid of offeroptimizer and farmmext programs that were sending him pop ups when ever he switched to a new site on the Internet. I am having the same problem. Please Help!
Thank YOU VERY VERY MUCH!!!(please disregard the following logfile and see the one below it which I ran after making sure invisible files were shown.)
Her is my hijackthis thread.
Logfile of HijackThis v1.99.1
Scan saved at 5:50:43 PM, on 4/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlasorthogonality.com/seminars.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {7B481A98-AB27-C48D-0A46-FBCACFD79A9A} - C:\WINDOWS\SYSTEM\UCQS.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
(New Log File)
Logfile of HijackThis v1.99.1
Scan saved at 11:43:35 AM, on 4/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlasorthogonality.com/seminars.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: (no name) - {7B481A98-AB27-C48D-0A46-FBCACFD79A9A} - C:\WINDOWS\SYSTEM\UCQS.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
0
Comments
How to see hidden files in Windows
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B481A98-AB27-C48D-0A46-FBCACFD79A9A} - C:\WINDOWS\SYSTEM\UCQS.DLL
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
Reboot your computer into Safe Mode
Then delete these files or directories (Do not be concerned if they do not exist):
C:\WINDOWS\SYSTEM\UCQS.DLL
C:\WINDOWS\web\related.htm
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER
Reboot your computer to go back to normal mode and post a new log.
Also is the following application a trojan?
Type: Application
C:windows\Temp
MS-Dos name: RNDRCUS.EXE
Description: www.abetterinternet.com
"a utility for downloading files and up grading software"
Logfile of HijackThis v1.99.1
Scan saved at 5:49:27 PM, on 4/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlasorthogonality.com/seminars.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
Your log looks clean now. Are you having any more problems?
I am not having any more problems except I am not sure if this following program is a trojan. I think it is because Zone alarm said it is infected. The infection it says is:
win32.clspring!generic
failure to repair
details: c:\windows\system\aznzvj.exe
Should I just delete it in safe mode? Also could you look one more time at my hijackthis thread. Thank you very much.
Sincerely Miciel.
Logfile of HijackThis v1.99.1
Scan saved at 1:15:36 PM, on 4/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HIJACKTHIS_199\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Ad Annihilator Kernel - {D880FC15-AF5D-4929-9FB5-F06D01CDF70C} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Ad Annihilator - {B2A8E0D7-5764-433D-A89B-2332B9D9BE00} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O8 - Extra context menu item: [Block this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
O8 - Extra context menu item: [Unblock this banner] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
O8 - Extra context menu item: [Find this resource in resource list] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
O8 - Extra context menu item: [Find blocking filter] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
O8 - Extra context menu item: [Show/hide menu and toolbars] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
O8 - Extra context menu item: [Resume resource loading] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
O8 - Extra context menu item: [Block this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
O8 - Extra context menu item: [Unblock this popup] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {8131EDD7-9F34-4F7E-8B18-708D21B32888} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: (no name) - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {5300D45F-2512-49DB-80D2-804A75E65664} - C:\PROGRA~1\ADANNI~1\ADANNI~2.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Dell Home - {95B60F20-F68B-11D3-8D27-009027DF735C} - http://business.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .gov/legtrain/mc/MuniCodeChapter06/Ch06Art08Division02: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
Run this online virus scan. When it's done it will give you the option to view a report of what was found on your computer. Not everything will be removed. Copy that report and post it here.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Thank you for your help in the past I am having a new problem. Recently my browser itself "Opera" seems to have contracted a virus or something. The shell and the web page I am on all of the sudden changes color to reds, orange and yellow and some greens colors. This happens at various times. Sometimes when I am surfing on the net or if I open Microsoft Windows. Can you look at my Hijack thread. Thank you. Also all files are visible and I have run the suggested virus software. Are Spybot and Adware SE still the programs of choice? Thanx.
Logfile of HijackThis v1.99.1
Scan saved at 3:17:23 PM, on 12/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SECURITY TASK MANAGER\SPYPROTECTOR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PORT EXPLORER\PORTEXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [Spy Protector] C:\PROGRAM FILES\SECURITY TASK MANAGER\SPYPROTECTOR.EXE /autostart
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
Thanks again,
Miciel