Author Topic: Please help me unhijack my computer  (Read 5561 times)
Sandour
« on: May 26, 2005, 03:28:42 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: ME
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



I have tried to clean my computer to no avail. I downloaded ad-aware and spybot s&d, and no matter how often I run them and they clean the system, I just keep getting more viruses.  Also I think that whatever junk has gotten into my computer is affecting spybot because it will update the definitions it will say 1988 bad items blocked and then when I ask it to check again it drops back to 1986 items blocked so I run update again it goes back to 1988 and then I hit check again and it's back to 1986 items blocked.

I read suggestions on your forums here and downloaded hijack this and am copying the log info for you here.  I am not very computer savvy in the sense that I don't know enough to come up with solutions on my own, but I can follow instructions very well.  So if you tell me where to go and what to do (i.e. click on start menu, click on run, type winipcnfg, etc) I can do that no problem.

Anyhow, sorry for the long post (it's about to get longer), here is my hijack this log which is super long.  Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:13:50 PM, on 25/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FMCTRL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\CONSUMER INPUT\CONSUMERINPUT.EXE
C:\PROGRAM FILES\CONSUMER INPUT\CONSUMERINPUTUA.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-CA\MSNAPPAU.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\APPLICATION DATA\RUIE.EXE
C:\PROGRAM FILES\TIMELEFT3\TIMELEFT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
N1 - Netscape 4: user_pref("browser.startup.homepage", "https://easyweb.tdcanadatrust.com/"); (C:\Program Files\Netscape\Users\mustang920\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {12FBE752-23BC-236A-CEAA-75D20FABD9CE} - C:\WINDOWS\SYSTEM\LOKETOJ.DLL (file missing)
O2 - BHO: (no name) - {2874473F-D4DF-D353-A4CC-836DD446B6C4} - C:\WINDOWS\SYSTEM\FGRJD.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-CA\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [NvColorInit] RUNDLL32.EXE NVQTWK.DLL,NvColorInit
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Consumer Input] C:\Program Files\Consumer Input\ConsumerInput.exe
O4 - HKLM\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\ConsumerInputUa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mjpwqa] c:\windows\system\mjpwqa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Ruao] C:\WINDOWS\Application Data\ruie.exe
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\Run: [Ckmhk] \lplzr.exe
O4 - HKCU\..\Run: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\Run: [Gvg] \exay.exe
O4 - HKCU\..\Run: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\Run: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\Run: [Yroddgjp] \mfw.exe
O4 - HKCU\..\Run: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\Run: [Tknggkei] \jid.exe
O4 - HKCU\..\Run: [Kmsw] \voparvzo.exe
O4 - HKCU\..\Run: [Edhz] \feqywov.exe
O4 - HKCU\..\Run: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\Run: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\Run: [Bbnxq] \ktbp.exe
O4 - HKCU\..\Run: [Xdu] \eyulfr.exe
O4 - HKCU\..\Run: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\Run: [Lizcg] \pird.exe
O4 - HKCU\..\Run: [Pnagdxh] \pyci.exe
O4 - HKCU\..\Run: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\Run: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\Run: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\Run: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\Run: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\Run: [Aopmgn] \gjsp.exe
O4 - HKCU\..\Run: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\Run: [Ldjs] \hnm.exe
O4 - HKCU\..\Run: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\Run: [Igllmoh] \yawb.exe
O4 - HKCU\..\Run: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\Run: [Sgi] \orjtpbe.exe
O4 - HKCU\..\Run: [Txa] \lvvbcapa.exe
O4 - HKCU\..\Run: [Vahreu] \gtc.exe
O4 - HKCU\..\Run: [Nisbz] \reardq.exe
O4 - HKCU\..\Run: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\Run: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\Run: [Bvjvsys] \nny.exe
O4 - HKCU\..\Run: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\Run: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\Run: [Jwabptzz] \edz.exe
O4 - HKCU\..\Run: [Owd] \jsq.exe
O4 - HKCU\..\Run: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\Run: [Lqemrcg] \mjj.exe
O4 - HKCU\..\Run: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\Run: [Nbnjrux] \pea.exe
O4 - HKCU\..\Run: [Bgz] \lwaih.exe
O4 - HKCU\..\Run: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\Run: [Ijt] \gch.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Tdk] \clypckg.exe
O4 - HKCU\..\Run: [Wpezd] \hiey.exe
O4 - HKCU\..\Run: [Soylwkz] \lplggb.exe
O4 - HKCU\..\RunServices: [Ruao] C:\WINDOWS\Application Data\ruie.exe
O4 - HKCU\..\RunServices: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\RunServices: [Ckmhk] \lplzr.exe
O4 - HKCU\..\RunServices: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\RunServices: [Gvg] \exay.exe
O4 - HKCU\..\RunServices: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\RunServices: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\RunServices: [Yroddgjp] \mfw.exe
O4 - HKCU\..\RunServices: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\RunServices: [Tknggkei] \jid.exe
O4 - HKCU\..\RunServices: [Kmsw] \voparvzo.exe
O4 - HKCU\..\RunServices: [Edhz] \feqywov.exe
O4 - HKCU\..\RunServices: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\RunServices: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\RunServices: [Bbnxq] \ktbp.exe
O4 - HKCU\..\RunServices: [Xdu] \eyulfr.exe
O4 - HKCU\..\RunServices: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\RunServices: [Lizcg] \pird.exe
O4 - HKCU\..\RunServices: [Pnagdxh] \pyci.exe
O4 - HKCU\..\RunServices: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\RunServices: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\RunServices: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\RunServices: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\RunServices: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\RunServices: [Aopmgn] \gjsp.exe
O4 - HKCU\..\RunServices: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\RunServices: [Ldjs] \hnm.exe
O4 - HKCU\..\RunServices: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\RunServices: [Igllmoh] \yawb.exe
O4 - HKCU\..\RunServices: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\RunServices: [Sgi] \orjtpbe.exe
O4 - HKCU\..\RunServices: [Txa] \lvvbcapa.exe
O4 - HKCU\..\RunServices: [Vahreu] \gtc.exe
O4 - HKCU\..\RunServices: [Nisbz] \reardq.exe
O4 - HKCU\..\RunServices: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\RunServices: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\RunServices: [Bvjvsys] \nny.exe
O4 - HKCU\..\RunServices: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\RunServices: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\RunServices: [Jwabptzz] \edz.exe
O4 - HKCU\..\RunServices: [Owd] \jsq.exe
O4 - HKCU\..\RunServices: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\RunServices: [Lqemrcg] \mjj.exe
O4 - HKCU\..\RunServices: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\RunServices: [Nbnjrux] \pea.exe
O4 - HKCU\..\RunServices: [Bgz] \lwaih.exe
O4 - HKCU\..\RunServices: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\RunServices: [Ijt] \gch.exe
O4 - HKCU\..\RunServices: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\RunServices: [Tdk] \clypckg.exe
O4 - HKCU\..\RunServices: [Wpezd] \hiey.exe
O4 - HKCU\..\RunServices: [Soylwkz] \lplggb.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/055cbf5070c97d2a2b15/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.betteresolution.com/univoice/voice.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} (Setup Class) - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Pancake
« Reply #1 on: May 26, 2005, 08:39:46 AM »

Hi and Welcome
You have a bit of a mess that's going to take a lot of cleaning... Just take your time, as there is no rush and it might take a few logs to get it all clear.

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.
These instructions are for HJT v1.99.1 only.



-------------------------------------------------------------
SHOW HIDDEN FILES AND FOLDERS.
Right click Start/ Explorer | View | Folder Options | View tab
Select Show all Files
Uncheck Hide file extensions for known file types
Select Like Current Folder button at top | Yes | Apply | OK
------------------------------------------------------------------


Please start by putting your computer in SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------




Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {12FBE752-23BC-236A-CEAA-75D20FABD9CE} - C:\WINDOWS\SYSTEM\LOKETOJ.DLL (file missing)
O2 - BHO: (no name) - {2874473F-D4DF-D353-A4CC-836DD446B6C4} - C:\WINDOWS\SYSTEM\FGRJD.DLL (file missing)
O4 - HKLM\..\Run: [mjpwqa] c:\windows\system\mjpwqa.exe
O4 - HKCU\..\Run: [Ruao] C:\WINDOWS\Application Data\ruie.exe
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\Run: [Ckmhk] \lplzr.exe
O4 - HKCU\..\Run: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\Run: [Gvg] \exay.exe
O4 - HKCU\..\Run: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\Run: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\Run: [Yroddgjp] \mfw.exe
O4 - HKCU\..\Run: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\Run: [Tknggkei] \jid.exe
O4 - HKCU\..\Run: [Kmsw] \voparvzo.exe
O4 - HKCU\..\Run: [Edhz] \feqywov.exe
O4 - HKCU\..\Run: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\Run: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\Run: [Bbnxq] \ktbp.exe
O4 - HKCU\..\Run: [Xdu] \eyulfr.exe
O4 - HKCU\..\Run: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\Run: [Lizcg] \pird.exe
O4 - HKCU\..\Run: [Pnagdxh] \pyci.exe
O4 - HKCU\..\Run: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\Run: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\Run: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\Run: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\Run: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\Run: [Aopmgn] \gjsp.exe
O4 - HKCU\..\Run: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\Run: [Ldjs] \hnm.exe
O4 - HKCU\..\Run: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\Run: [Igllmoh] \yawb.exe
O4 - HKCU\..\Run: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\Run: [Sgi] \orjtpbe.exe
O4 - HKCU\..\Run: [Txa] \lvvbcapa.exe
O4 - HKCU\..\Run: [Vahreu] \gtc.exe
O4 - HKCU\..\Run: [Nisbz] \reardq.exe
O4 - HKCU\..\Run: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\Run: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\Run: [Bvjvsys] \nny.exe
O4 - HKCU\..\Run: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\Run: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\Run: [Jwabptzz] \edz.exe
O4 - HKCU\..\Run: [Owd] \jsq.exe
O4 - HKCU\..\Run: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\Run: [Lqemrcg] \mjj.exe
O4 - HKCU\..\Run: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\Run: [Nbnjrux] \pea.exe
O4 - HKCU\..\Run: [Bgz] \lwaih.exe
O4 - HKCU\..\Run: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\Run: [Ijt] \gch.exe
O4 - HKCU\..\Run: [Tdk] \clypckg.exe
O4 - HKCU\..\Run: [Wpezd] \hiey.exe
O4 - HKCU\..\Run: [Soylwkz] \lplggb.exe
O4 - HKCU\..\RunServices: [Ruao] C:\WINDOWS\Application Data\ruie.exe
O4 - HKCU\..\RunServices: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\RunServices: [Ckmhk] \lplzr.exe
O4 - HKCU\..\RunServices: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\RunServices: [Gvg] \exay.exe
O4 - HKCU\..\RunServices: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\RunServices: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\RunServices: [Yroddgjp] \mfw.exe
O4 - HKCU\..\RunServices: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\RunServices: [Tknggkei] \jid.exe
O4 - HKCU\..\RunServices: [Kmsw] \voparvzo.exe
O4 - HKCU\..\RunServices: [Edhz] \feqywov.exe
O4 - HKCU\..\RunServices: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\RunServices: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\RunServices: [Bbnxq] \ktbp.exe
O4 - HKCU\..\RunServices: [Xdu] \eyulfr.exe
O4 - HKCU\..\RunServices: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\RunServices: [Lizcg] \pird.exe
O4 - HKCU\..\RunServices: [Pnagdxh] \pyci.exe
O4 - HKCU\..\RunServices: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\RunServices: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\RunServices: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\RunServices: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\RunServices: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\RunServices: [Aopmgn] \gjsp.exe
O4 - HKCU\..\RunServices: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\RunServices: [Ldjs] \hnm.exe
O4 - HKCU\..\RunServices: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\RunServices: [Igllmoh] \yawb.exe
O4 - HKCU\..\RunServices: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\RunServices: [Sgi] \orjtpbe.exe
O4 - HKCU\..\RunServices: [Txa] \lvvbcapa.exe
O4 - HKCU\..\RunServices: [Vahreu] \gtc.exe
O4 - HKCU\..\RunServices: [Nisbz] \reardq.exe
O4 - HKCU\..\RunServices: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\RunServices: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\RunServices: [Bvjvsys] \nny.exe
O4 - HKCU\..\RunServices: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\RunServices: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\RunServices: [Jwabptzz] \edz.exe
O4 - HKCU\..\RunServices: [Owd] \jsq.exe
O4 - HKCU\..\RunServices: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\RunServices: [Lqemrcg] \mjj.exe
O4 - HKCU\..\RunServices: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\RunServices: [Nbnjrux] \pea.exe
O4 - HKCU\..\RunServices: [Bgz] \lwaih.exe
O4 - HKCU\..\RunServices: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\RunServices: [Ijt] \gch.exe
O4 - HKCU\..\RunServices: [Tdk] \clypckg.exe
O4 - HKCU\..\RunServices: [Wpezd] \hiey.exe
O4 - HKCU\..\RunServices: [Soylwkz] \lplggb.exe


 ---------------------------------------------------------------------------
Open Windows Explorer and delete the following EXE files. Most of these you will find in the C:\WINDOWS\SYSTEM\ folder.

O4 - HKCU\..\Run: [Ruao] C:\WINDOWS\Application Data\ruie.exe
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\Run: [Ckmhk] \lplzr.exe
O4 - HKCU\..\Run: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\Run: [Gvg] \exay.exe
O4 - HKCU\..\Run: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\Run: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\Run: [Yroddgjp] \mfw.exe
O4 - HKCU\..\Run: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\Run: [Tknggkei] \jid.exe
O4 - HKCU\..\Run: [Kmsw] \voparvzo.exe
O4 - HKCU\..\Run: [Edhz] \feqywov.exe
O4 - HKCU\..\Run: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\Run: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\Run: [Bbnxq] \ktbp.exe
O4 - HKCU\..\Run: [Xdu] \eyulfr.exe
O4 - HKCU\..\Run: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\Run: [Lizcg] \pird.exe
O4 - HKCU\..\Run: [Pnagdxh] \pyci.exe
O4 - HKCU\..\Run: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\Run: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\Run: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\Run: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\Run: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\Run: [Aopmgn] \gjsp.exe
O4 - HKCU\..\Run: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\Run: [Ldjs] \hnm.exe
O4 - HKCU\..\Run: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\Run: [Igllmoh] \yawb.exe
O4 - HKCU\..\Run: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\Run: [Sgi] \orjtpbe.exe
O4 - HKCU\..\Run: [Txa] \lvvbcapa.exe
O4 - HKCU\..\Run: [Vahreu] \gtc.exe
O4 - HKCU\..\Run: [Nisbz] \reardq.exe
O4 - HKCU\..\Run: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\Run: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\Run: [Bvjvsys] \nny.exe
O4 - HKCU\..\Run: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\Run: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\Run: [Jwabptzz] \edz.exe
O4 - HKCU\..\Run: [Owd] \jsq.exe
O4 - HKCU\..\Run: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\Run: [Lqemrcg] \mjj.exe
O4 - HKCU\..\Run: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\Run: [Nbnjrux] \pea.exe
O4 - HKCU\..\Run: [Bgz] \lwaih.exe
O4 - HKCU\..\Run: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\Run: [Ijt] \gch.exe
O4 - HKCU\..\Run: [Tdk] \clypckg.exe
O4 - HKCU\..\Run: [Wpezd] \hiey.exe
O4 - HKCU\..\Run: [Soylwkz] \lplggb.exe



------------------------------------------------------------------------
Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup. This will clean out your temporary files.

 
Restart your computer and post a new HijackThis log


An Australian Member of

EDDY
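
The manual review in the reply above can be partly scripted. The following is an added example, not part of the thread and not code from HijackThis: it parses O2 and O4 registry lines in the v1.99.1 log format shown here, flags the two patterns the fix list targets, and checks a fix list against a later scan. The function names and the LATER_LOG sample are constructed for illustration.

```python
import re

# "O4 - HKCU\..\Run: [ValueName] command"  (registry autorun entry)
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# "O2 - BHO: name - {CLSID} - path" with an optional " (file missing)" suffix
O2_BHO = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")

# A small subset of lines copied from the first log in this thread.
FIRST_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {12FBE752-23BC-236A-CEAA-75D20FABD9CE} - C:\WINDOWS\SYSTEM\LOKETOJ.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\RunServices: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
"""

# Three lines copied from the fix list in the reply above.
FIX_LIST = r"""
O2 - BHO: (no name) - {12FBE752-23BC-236A-CEAA-75D20FABD9CE} - C:\WINDOWS\SYSTEM\LOKETOJ.DLL (file missing)
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\RunServices: [Eppfulkz] \plumgp.exe
"""

# Constructed follow-up scan: what a rescan would show if one entry survived.
LATER_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\RunServices: [Eppfulkz] \plumgp.exe
"""


def parse(log_text):
    """Return one dict per O2 BHO or O4 registry-autorun line in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REG.match(line)
        if m:
            hive, key, name, target = m.groups()
            entries.append({"kind": "autorun", "hive": hive, "key": key,
                            "name": name, "target": target, "line": line})
            continue
        m = O2_BHO.match(line)
        if m:
            name, clsid, path, missing = m.groups()
            entries.append({"kind": "bho", "name": name, "clsid": clsid,
                            "target": path, "missing": bool(missing), "line": line})
    return entries


def triage(log_text):
    """Return {log line: reason} for entries that deserve a manual look.

    These are review hints, not a removal list: the Works update entry matches
    the bare-path pattern too, and the reply above left it off the fix list.
    """
    flagged = {}
    for e in parse(log_text):
        if e["kind"] == "bho" and e["missing"]:
            flagged[e["line"]] = "BHO still registered but its DLL is missing"
        elif (e["kind"] == "autorun" and e["target"].startswith("\\")
              and not e["target"].startswith("\\\\")):
            flagged[e["line"]] = "autorun target is a bare \\name with no drive or folder"
    return flagged


def _norm(line):
    # Compare lines ignoring case and runs of whitespace.
    return " ".join(line.split()).casefold()


def still_present(fix_list, later_log):
    """Return the fix-list lines that still appear in a later scan."""
    later = {_norm(l) for l in later_log.splitlines() if l.strip()}
    return [l.strip() for l in fix_list.splitlines()
            if l.strip() and _norm(l) in later]


if __name__ == "__main__":
    for line, reason in triage(FIRST_LOG).items():
        print(f"REVIEW  {line}\n        -> {reason}")
    for line in still_present(FIX_LIST, LATER_LOG):
        print(f"STILL PRESENT  {line}")
```
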
Sandour
« Reply #2 on: May 27, 2005, 02:02:49 AM »

Hi Pancake,

Thanks for responding and for helping.  I know, I have a bit of a mess going on.  I did everything you told me to do, but I only found this stuff to have hjt fix:

O2 - BHO: (no name) - {12FBE752-23BC-236A-CEAA-75D20FABD9CE} - C:\WINDOWS\SYSTEM\LOKETOJ.DLL (file missing)
O2 - BHO: (no name) - {2874473F-D4DF-D353-A4CC-836DD446B6C4} - C:\WINDOWS\SYSTEM\FGRJD.DLL (file missing)
O4 - HKCU\..\Run: [Eppfulkz] \plumgp.exe
O4 - HKCU\..\Run: [Ckmhk] \lplzr.exe
O4 - HKCU\..\Run: [Mkxtc] \zdgrs.exe
O4 - HKCU\..\Run: [Gvg] \exay.exe
O4 - HKCU\..\Run: [Ofogsspa] \vtglqr.exe
O4 - HKCU\..\Run: [Trcpewgh] \anaxfgq.exe
O4 - HKCU\..\Run: [Yroddgjp] \mfw.exe
O4 - HKCU\..\Run: [Aeov] \nwbqjuv.exe
O4 - HKCU\..\Run: [Tknggkei] \jid.exe
O4 - HKCU\..\Run: [Kmsw] \voparvzo.exe
O4 - HKCU\..\Run: [Edhz] \feqywov.exe
O4 - HKCU\..\Run: [Wsgtgaqf] \sebhcq.exe
O4 - HKCU\..\Run: [Msgxlqso] \pmtzlmb.exe
O4 - HKCU\..\Run: [Bbnxq] \ktbp.exe
O4 - HKCU\..\Run: [Xdu] \eyulfr.exe
O4 - HKCU\..\Run: [Zgrzom] \nwbwb.exe
O4 - HKCU\..\Run: [Lizcg] \pird.exe
O4 - HKCU\..\Run: [Pnagdxh] \pyci.exe
O4 - HKCU\..\Run: [Audrbwea] \tvdsuokt.exe
O4 - HKCU\..\Run: [Afekmpvq] \ncxump.exe
O4 - HKCU\..\Run: [Mlgx] \fvrgzmfg.exe
O4 - HKCU\..\Run: [Ihzw] \nnrczxyf.exe
O4 - HKCU\..\Run: [Msssqar] \qlbnltf.exe
O4 - HKCU\..\Run: [Aopmgn] \gjsp.exe
O4 - HKCU\..\Run: [Lvrcqqye] \vpsp.exe
O4 - HKCU\..\Run: [Ldjs] \hnm.exe
O4 - HKCU\..\Run: [Cmowvfyy] \hiuxrgss.exe
O4 - HKCU\..\Run: [Igllmoh] \yawb.exe
O4 - HKCU\..\Run: [Ltjpmq] \clkwz.exe
O4 - HKCU\..\Run: [Sgi] \orjtpbe.exe
O4 - HKCU\..\Run: [Txa] \lvvbcapa.exe
O4 - HKCU\..\Run: [Vahreu] \gtc.exe
O4 - HKCU\..\Run: [Nisbz] \reardq.exe
O4 - HKCU\..\Run: [Zsviefd] \hlzivy.exe
O4 - HKCU\..\Run: [Zuxdvjh] \fouxtfv.exe
O4 - HKCU\..\Run: [Bvjvsys] \nny.exe
O4 - HKCU\..\Run: [Cohtra] \grdjpfcz.exe
O4 - HKCU\..\Run: [Tkmthu] \lddojmta.exe
O4 - HKCU\..\Run: [Jwabptzz] \edz.exe
O4 - HKCU\..\Run: [Owd] \jsq.exe
O4 - HKCU\..\Run: [Dlcvoh] \rdvwkwdi.exe
O4 - HKCU\..\Run: [Lqemrcg] \mjj.exe
O4 - HKCU\..\Run: [Wyo] \qqdtuwg.exe
O4 - HKCU\..\Run: [Nbnjrux] \pea.exe
O4 - HKCU\..\Run: [Bgz] \lwaih.exe
O4 - HKCU\..\Run: [Biolvy] \rtdhkfxs.exe
O4 - HKCU\..\Run: [Ijt] \gch.exe
O4 - HKCU\..\Run: [Tdk] \clypckg.exe
O4 - HKCU\..\Run: [Wpezd] \hiey.exe
O4 - HKCU\..\Run: [Soylwkz] \lplggb.exe
O4 - HKCU\..\RunServices: [Ruao] C:\WINDOWS\Application Data\ruie.exe

Nothing else in that list was on the hjt list.  So I fixed it all and then went to delete the files through windows explorer, except I couldn't find any of those files.  I rebooted, ran cleanup and restarted again and here is the new hjt log file.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:13 PM, on 26/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FMCTRL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\CONSUMER INPUT\CONSUMERINPUT.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-CA\MSNAPPAU.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\TIMELEFT3\TIMELEFT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\PROGRAM FILES\CONSUMER INPUT\CONSUMERINPUTUA.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
N1 - Netscape 4: user_pref("browser.startup.homepage", "https://easyweb.tdcanadatrust.com/"); (C:\Program Files\Netscape\Users\mustang920\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-CA\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-CA\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [NvColorInit] RUNDLL32.EXE NVQTWK.DLL,NvColorInit
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Consumer Input] C:\Program Files\Consumer Input\ConsumerInput.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/055cbf5070c97d2a2b15/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.betteresolution.com/univoice/voice.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} (Setup Class) - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
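An added example, not part of the original posts: a short Python check for the step described above, confirming that the autorun entries fixed in HijackThis are absent from the scan taken after the reboot. The function names are illustrative, and the sample lines are copied from the two logs in this thread.

```python
import re

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Sample lines copied from the two logs in this thread.
FIXED = r"""
O4 - HKCU\..\Run: [Wpezd] \hiey.exe
O4 - HKCU\..\Run: [Soylwkz] \lplggb.exe
O4 - HKCU\..\RunServices: [Ruao] C:\WINDOWS\Application Data\ruie.exe
"""
RESCAN = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
"""

def parse_o4(log_text):
    """Return {(hive, key, value name): command} for registry autoruns.
    Startup-folder lines ("O4 - Startup: ...") are not registry values and are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive, key, name)] = cmd
    return entries

def is_rootless(cmd):
    """True when the command starts with a single backslash: no drive, no folder."""
    cmd = cmd.lstrip('"')
    return cmd.startswith("\\") and not cmd.startswith("\\\\")

def compare_scans(fixed_text, rescan_text):
    """Return (fixed entries still present, rootless entries in the rescan)."""
    fixed = parse_o4(fixed_text)
    rescan = parse_o4(rescan_text)
    survivors = sorted(k for k in fixed if k in rescan)
    # A rootless path is only a prompt for a manual look, not a verdict.
    rootless = sorted(k for k, cmd in rescan.items() if is_rootless(cmd))
    return survivors, rootless

if __name__ == "__main__":
    survivors, rootless = compare_scans(FIXED, RESCAN)
    print("fixed entries still present:", survivors)
    print("rootless autoruns to review by hand:", rootless)
```

An empty first list means none of the fixed value names came back after the reboot. The second list only shows which remaining entries have the same path shape as the removed ones.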

Pancake
Global Moderator
« Reply #3 on: May 27, 2005, 03:16:32 AM »

That all looks fine. Are you still having any problems?

An Australian Member of

EDDY
Sandour
« Reply #4 on: May 27, 2005, 01:11:50 PM »

I cleaned it that easily?  I fully expected there to be more to it.  I don't seem to have any problems, but when I hit ctrl+alt+del and get the task menu I still see stuff like consumerinput and consumerinputua among other things and I know for sure that at least the consumer input is not supposed to be there.  I was actually pretty proud of myself that I knew the ruie was bad when I saw it there before your help.

Should I uninstall, delete, then download and re-install spybot?  Or is it ok to use now as long as the number of bad items to be blocked doesn't fluctuate?
Pancake
Global Moderator
« Reply #5 on: May 27, 2005, 11:50:16 PM »

You can stop it from running in Task Manager and then go and delete the folder.

C:\Program Files\Consumer Input\ConsumerInput.exe


You don't have to delete SpyBot. Just run it about once a week and get it to FIX any items it finds.
Sandour
« Reply #6 on: May 28, 2005, 05:37:34 AM »

Thanks Pancake.

Here is everything in my task log.  I still think there is stuff there that I don't need.  Here is what I have listed:

Time Left countdown --- this is a counter I installed
Netscape --- I know this is ok
Explorer --- I know this is ok
Msnmsgr  --- I know this is ok
Qttask  *
Hpzstatx *
Rnathchk *
Msnappau  --- I know this is ok
Dvzmsgr *
Wkcalrem *
Loadqm *
Fmctrl *
Rundll32 --- I know this is ok
Systray --- I know this is ok
Winampa --- I know this is ok
Hpztsb04  *


* These are the items I am unsure of/think are spyware/hijack/virus.  Am I right?
Pancake
Global Moderator
« Reply #7 on: May 28, 2005, 07:46:29 AM »

All those on that list are legit.
Sandour
« Reply #8 on: May 28, 2005, 11:28:11 AM »

Awesome... so everything is all clean now.  Thank you very much for your help.  Especially since I am technically challenged!
Pancake
Global Moderator
« Reply #9 on: May 28, 2005, 12:49:34 PM »

Ok, no problem. I will now close this thread....