POPUPS have taken over! Could someone look over my HJT log?

scrumptous Florida
edited April 2006 in Spyware & Virus Removal
I've been invaded by popups. I'm also getting several error messages.

Error starting program...a required .DLL file. DLL was not found.
Explorer...program has performed an illegal operation.
And a Ms04704812569 fault

I've run Spybot Search and Destroy. I have also tried several times to run Adaware. It starts running, but then hangs up and does not respond.

Attached is my HJT log. Please help me! :confused:

Thanks,
Whit

Comments

  • skywalker45 Bloomington, IN. USA
    edited March 2006
    I don't see your Hijack This log??
  • scrumptous Florida
    edited March 2006
    I don't see your Hijack This log??


    OOPS! Major blonde moment. Forgot to attach on the first post. But...here it is.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:10 PM, on 3/22/06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\MOUSEPAD4.EXE
    C:\WINDOWS\SYSC00.EXE
    C:\WINDOWS\MS08125697048.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\COMMON FILES\VCCLIENT\VCCLIENT.EXE
    C:\PROGRAM FILES\COMMON FILES\VCCLIENT\VCMAIN.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD4.exe
    O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD4.exe
    O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME4.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ms08125697048] C:\WINDOWS\ms08125697048.exe
    O4 - HKLM\..\Run: [ms04704812569] C:\WINDOWS\ms04704812569.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\OWINKRAG.EXE CORN001
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\Run: [wzqf] C:\STUB_113_4_0_4_0.EXE
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM\owinkrag.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
  • scrumptous Florida
    edited March 2006
    Finally got Adaware to run. I've run Bitdefender and Kaspersky. Already had Spyblaster loaded. I'm trying out the Zone Alarm firewall, and I have installed the AntiVir until I purchase antivirus software. I am attaching the logs from Bitdefender, Kaspersky, and a new HJT log. The popups are as bad as they were at the beginning of the week, but still having problems.

    Any help/suggestions would be greatly appreciated!

    Thanks,
    Whit

    BitDefender Online Scanner - Real Time Virus Report
    Generated at: Fri, Mar 24, 2006 - 06:21:50

    Scan Info
    Scanned Files: 196047
    Infected Files: 20

    Virus Detected (name: count)
    Application.Adware.NewDotNet.B.Dropper: 1
    Trojan.Dropper.Agent.AIE: 1
    Trojan.Downloader.Small.BKE: 1
    Trojan.Startpage.AHA: 1
    Trojan.Dropper.Agent.HL: 2
    Trojan.Clicker.VB.AZ: 1
    Trojan.Downloader.EW: 1
    Trojan.Downloader.Vb.TW: 2
    Trojan.Downloader.Small.CAM: 1
    Trojan.VB.Browen.A: 1
    BehavesLike:Trojan.LowZones: 3
    Adware.Wheaterbug.A: 1
    Backdoor.Rbot.ABM: 1
    Adware.BookedSpace.E: 1
    GenPack:Generic.Malware.SFM.17ADEEB6: 1
    Trojan.Dropper.Vb.KK: 1

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


    Friday, March 24, 2006 6:58:01 PM
    Operating System: Microsoft Windows 98
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 24/03/2006
    Kaspersky Anti-Virus database records: 172700


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    a:\
    c:\
    d:\
    e:\

    Scan Statistics
    Total number of scanned objects 30341
    Number of viruses found 12
    Number of infected objects 21
    Number of suspicious objects 8
    Duration of the scan process 09:03:31

    Infected Object Name Virus Name Last Action
    c:\WINDOWS\SYSTEM\winspy.exe Infected: Trojan-Downloader.Win32.Small.ckq skipped

    c:\WINDOWS\keyboard4.exe Infected: Trojan-Downloader.Win32.VB.zk skipped

    c:\WINDOWS\Application Data\IM\Identities\{2784F865-C2D4-11D7-A631-0040D0050D5E}\Message Store\Inbox.imm/[From "eBay Member: whitesandbeaches" ][Date Sun, 19 Jun 2005 17:29:35 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped

    c:\WINDOWS\Application Data\IM\Identities\{2784F865-C2D4-11D7-A631-0040D0050D5E}\Message Store\Inbox.imm/[From "eBay Member: emelyh2005" ][Date Thu, 16 Jun 2005 16:04:08 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped

    c:\WINDOWS\Application Data\IM\Identities\{2784F865-C2D4-11D7-A631-0040D0050D5E}\Message Store\Inbox.imm Mail: infected - 2 skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/drsmartload1.exe Suspicious: Password-protected-EXE skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/drsmartload1.exe Suspicious: Password-protected-EXE skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip ZIP: suspicious - 1 skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped

    c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip ZIP: suspicious - 1 skipped

    c:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

    c:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\pf78.exe NSIS: infected - 4 skipped

    c:\WINDOWS\mousepad4.exe Infected: Trojan-Clicker.Win32.VB.lv skipped

    c:\WINDOWS\newname4.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped

    c:\WINDOWS\redqwnh.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

    c:\WINDOWS\SYSC00.exe Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped

    c:\WINDOWS\sys015697048122006.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

    c:\WINDOWS\ms04704812569.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

    c:\413_13_op.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

    c:\installerus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

    c:\krw1dn.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped

    Scan process completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:42 AM, on 3/25/06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\MOUSEPAD4.EXE
    C:\WINDOWS\SYSC00.EXE
    C:\WINDOWS\SYS09256970481.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD4.exe
    O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD4.exe
    O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME4.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ms04704812569] C:\WINDOWS\ms04704812569.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\OWINKRAG.EXE CORN001
    O4 - HKLM\..\Run: [sys09256970481] C:\WINDOWS\sys09256970481.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - HKCU\..\Run: [wzqf] C:\STUB_113_4_0_4_0.EXE
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM\owinkrag.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Hi Scrumptous. I'm doing some research on your log and I'll get back with you as soon as possible.
  • scrumptous Florida
    edited March 2006
    Thanks...will be waiting on suggestions.

    Whitney
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Hi. Well I'm finally getting back with you. Sorry it took me so long. You might want to print these instructions as you will not have access to the internet for part of this fix. If you are on a broadband connection I recommend you unplug your network cable when you begin this fix.

    Please open Hijack This and put a check (tick) next to the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD4.exe
    O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD4.exe
    O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME4.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ms04704812569] C:\WINDOWS\ms04704812569.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM\OWINKRAG.EXE CORN001
    O4 - HKLM\..\Run: [sys09256970481] C:\WINDOWS\sys09256970481.exe
    O4 - HKCU\..\Run: [wzqf] C:\STUB_113_4_0_4_0.EXE
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM\owinkrag.exe


    Close all other browsers/windows and click Fix Checked.

    Next boot the PC into safe mode. Do that by rebooting. As the PC is booting press and hold the F8 key until the Windows 98 boot menu appears. Select safe mode and then press enter.

    Next we need to make sure you can see all hidden files and folders.

    To view hidden files in Windows 98:
    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the View menu and then click Folder Options.
    • After the new window appears select the View tab.
    • Scroll down until you see the Show all files radio button and select it.
    • Press the Apply button and then the OK button and close the My Computer window.
    • Now your computer is configured to show all hidden files.

    Using Windows Explorer please delete all of the following:

    C:\STUB_113_4_0_4_0.EXE <---- This file.
    C:\WINDOWS\KEYBOARD4.exe <---- This file.
    C:\WINDOWS\MOUSEPAD4.exe <---- This file.
    C:\WINDOWS\NEWNAME4.exe <---- This file.
    C:\WINDOWS\SYSC00.exe <---- This file.
    C:\WINDOWS\ms04704812569.exe <---- This file.
    C:\WINDOWS\sys09256970481.exe <---- This file.
    C:\WINDOWS\SYSTEM\OWINKRAG.EXE <---- This file.
    C:\Program Files\Common Files\VCClient <---- This folder.

    Reboot the PC into normal mode and post a fresh Hijack This log.
    :)
  • scrumptous Florida
    edited March 2006
    Thanks for getting back to me. I know this site stays extremely busy. I deleted all the things you listed except C:\STUB_113_4_0_4_0.EXE. I couldn't find it. What are the mousepad, keyboard, newname, and sys? Here is the new HJT log. Anything else that needs to be deleted?

    Thanks,
    Whitney

    Logfile of HijackThis v1.99.1
    Scan saved at 9:12:37 PM, on 3/28/06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\COMPAQ\INTERNET\WATCHDOG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\TOOLS_95\IOWATCH.EXE
    C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\UPDATE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltel.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c98&s=search&i=enu
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\esabzq3t.slt\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "c:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
    O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM\owinkrag.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4427/mcfscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/display/PopupSh.ocx
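A first-pass triage of O-section entries like those in the log above, as an added example that is not part of the original posts and is not HijackThis's own code. It flags entries marked "(file missing)" and O16 entries whose download URL uses a bare IP address instead of a host name; both heuristics and all function names are assumptions chosen for illustration, and a flagged line is a prompt for manual review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: four lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/display/PopupSh.ocx
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")  # "O16 - <body>"
# Body of an O16 line: "DPF: {CLSID} (optional name) - <codebase URL>"
DPF = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+(?:\((.*?)\)\s+)?-\s+(\S+)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_entries(log_text):
    """Return [(section, body)] for every HijackThis item line in the text."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def dpf_hosts(log_text):
    """Return the host each O16 (Downloaded Program Files) entry came from."""
    hosts = []
    for section, body in parse_entries(log_text):
        m = DPF.match(body) if section == "O16" else None
        if m:
            hosts.append(urlparse(m.group(3)).hostname or "")
    return hosts


def review_notes(log_text):
    """Return [(section, reason, body)] for entries worth a manual look first."""
    notes = []
    for section, body in parse_entries(log_text):
        if body.endswith("(file missing)"):
            notes.append((section, "target file missing", body))
        m = DPF.match(body) if section == "O16" else None
        if m and IPV4.match(urlparse(m.group(3)).hostname or ""):
            notes.append((section, "codebase host is a bare IP address", body))
    return notes


if __name__ == "__main__":
    for section, reason, body in review_notes(SAMPLE_LOG):
        print(f"{section}: {reason}: {body}")
```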
  • skywalker45skywalker45 Bloomington, IN. USA
    edited March 2006
    Kind of odd you couldn't find the one file. It's a Trojan downloader and it may have been generated by some of the other malware. We'll need to keep our eyes open for it in case it re-appears.

    The files that you asked about are just various malware, mostly adware. Could you update me on your PC's performance? How are the pop-ups? I'll inspect your log for anything else that may need to go.
    :)
  • scrumptousscrumptous Florida
    edited March 2006
    Really not sure what I'm looking for in the C:\Stub. When going into the C drive, I don't see anything listed like that. Popups seem to have disappeared, but the computer is still running slow. I know the system is old, but any suggestions?

    Whit
  • skywalker45skywalker45 Bloomington, IN. USA
    edited March 2006
    Hopefully it's gone, but what you would be looking for is this:

    C:\STUB_113_4_0_4_0.EXE

    It is not in a folder of its own. It would be an executable file with that name right off the C:\ drive. If you want, have another look, or you could use the Windows Search feature to search for the file. You would be looking for a file named this:

    STUB_113_4_0_4_0.EXE

    Let me know if you find it anywhere. Be sure to include hidden files in your search. If you find it anywhere, delete all instances of it.
    :)
  • scrumptousscrumptous Florida
    edited April 2006
    Double checked to make sure that hidden files was checked. Looked again in C:\ drive for the STUB application, and I didn't see it. Ran a search for it and nothing came up. I typed just STUB in the file name and that particular file wasn't in there either. What type of application is it and what does it do?

    Whit
  • skywalker45skywalker45 Bloomington, IN. USA
    edited April 2006
    It's probably gone which is a good thing.
    :)
    It's a Trojan downloader which means it tries to connect to a remote host to download other trojans, adware, viruses, etc. But I don't think we need to worry about it. Are you having any more problems? Let me know.
  • scrumptousscrumptous Florida
    edited April 2006
    Other than an old system and a little slow, computer seems to be back to its old self. Thanks for all the help, skywalker.

    Whit
  • skywalker45skywalker45 Bloomington, IN. USA
    edited April 2006
    No problem Whit :)

    I'll close this thread now. If you need it re-opened just PM me or one of the other moderators and we'll open it for you.
This discussion has been closed.