majdave Posted May 28, 2005

Hi All!

Had a seminar at the company on computer cleanup. Recently installed a high speed connection, but as soon as I started running Explorer in the clear (bad idea I now know), I was swamped with adware and spyware. I have run SPYBOT and AD-WARE SE, but still think I have some of the bad-guy stuff on my computer. I now run Mozilla Firefox as my browser and am very happy with the change.

Anyway, here's my HijackThis log. I'm pretty sure Q330995.exe needs to go, as well as the two with (no name). Any and all help appreciated greatly! (Sorry if there is nothing interesting or really nasty in the log. If that's the case, someone please tell me.)

Logfile of HijackThis v1.99.1
Scan saved at 9:51:32 PM, on 5/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FELLOWES\MEDIAFACE 4.0\SETHOOK.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\SCANJET\PRECISIONSCAN\HPPPT.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\PLAYLIST.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {D94D8BEE-EDBE-41CD-BA43-4E6B40EDEFED} - C:\WINDOWS\SYSTEM\ODLKE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/v...can/mcasupd.cab
O18 - Filter: text/html - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL
O18 - Filter: text/plain - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL
dman Posted May 28, 2005

Tarun is the expert at this and will probably make a better reply when he goes online. In the meantime, try pasting your log here: http://www.hijackthis.de/en

It looks like you have a few nasties.
Tarun Posted May 28, 2005

Generated by Tarun's HijackThis Converter.

Created registry value. Safe to remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

Changed registry value. Safe to remove:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

Created registry value. Safe to remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Enumeration of existing IE's BHO's. Safe to remove:
O2 - BHO: (no name) - {D94D8BEE-EDBE-41CD-BA43-4E6B40EDEFED} - C:\WINDOWS\SYSTEM\ODLKE.DLL

Enumeration of suspicious auto-loading registry entries. Safe to remove:
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe

Extra "Tools" menu items and buttons. Safe to remove:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

Changing of IERESET.INF. Safe to remove:
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

Downloaded Program Files item. Safe to remove:
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/v...can/mcasupd.cab

Enumeration of existing protocols and filters. Safe to remove:
O18 - Filter: text/html - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL
O18 - Filter: text/plain - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL

Glad to hear you're using Firefox. You may also wish to switch to Quicktime Alternative and Real Alternative.

Believe it or not, System Restore doesn't work on Windows ME at all. The thing is seriously a joke. Roxio GoBack however has worked flawlessly on Windows ME operating systems.

Since I had GoBack, I made use of System Restore Remover Pro. It lets you get rid of PCHealth, System Restore, and the "System File Protection" (all recommended).

Another cool thing to use on your Windows ME OS is Tihiy's Win9x Revolutions Pack. You get all the XP perks, etc.
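The entries Tarun singles out above (an unnamed O2 BHO, the O16 DPF entry pointing at a file in the Recycle Bin, and the two O18 filters routing text/html and text/plain through the same DLL as that BHO) are the kind of cross-references a reviewer checks by hand. The following script is an added example, not part of the thread or of HijackThis itself: a small parser for HijackThis log lines that flags those three patterns, run against the lines quoted from the log posted above.

```python
import re

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D94D8BEE-EDBE-41CD-BA43-4E6B40EDEFED} - C:\WINDOWS\SYSTEM\ODLKE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/v...can/mcasupd.cab
O18 - Filter: text/html - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL
O18 - Filter: text/plain - {3DE29399-93C2-4C5A-8C36-D531100AABB7} - C:\WINDOWS\SYSTEM\ODLKE.DLL
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O18 - Filter: ..." style lines
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")        # {8-4-4-4-12} GUID in braces

def parse_line(line):
    """Split one HijackThis line into section code, ' - '-separated fields, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    fields = [f.strip() for f in body.split(" - ")]
    clsid = CLSID_RE.search(body)
    return {"section": section, "fields": fields, "target": fields[-1],
            "clsid": clsid.group(0).upper() if clsid else None}

def analyse(log_text):
    """Return (severity, section, message) findings for the patterns discussed in the thread."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # Every text/html or text/plain response IE receives passes through these DLLs.
    filter_dlls = {e["target"].upper() for e in entries if e["section"] == "O18"}
    findings = []
    for e in entries:
        section, head, target = e["section"], e["fields"][0], e["target"]
        if section == "O18":
            findings.append(("review", section, "MIME filter for %s handled by %s"
                             % (head.split(": ", 1)[1], target)))
        elif section == "O2" and "(no name)" in head and target.upper() in filter_dlls:
            findings.append(("high", section, "unnamed BHO uses the same DLL as a MIME filter: " + target))
        elif section == "O16" and target.lower().startswith("file://"):
            findings.append(("high", section, "DPF entry points at a local file, not a download URL: " + target))
    return findings

if __name__ == "__main__":
    for severity, section, msg in analyse(SAMPLE_LOG):
        print(severity, section, msg)
```

The Spybot SDHelper BHO and the McAfee updater entry produce no finding, since neither shares a DLL with an O18 filter nor loads from file://.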
majdave (Author) Posted May 30, 2005

Tarun,

Thanks for the reply, and the advice. I'll certainly look into downloading those programs. I don't spend as much time on the computer as I used to... having a 16-month-old eats up a lot of the free time. But I like to keep things running as smoothly and painlessly as possible. Having places like this to go to helps when I don't have the time to figure out everything for myself.

If you ever need help with a helicopter problem, give me a call! LOL

For any others out there reading this post and wondering if you should take the plunge with HijackThis... go for it! This site provides some fantastic advice and info.

MAJDAVE
majdave (Author) Posted May 30, 2005

Tarun,

Follow-up #2... I used HijackThis to remove the lines you recommended. Program performed as advertised... no problem at all. I also downloaded and ran System Restore Remover Pro... another great idea! Took a couple of reboots for everything to come back online, but having all that ME baggage gone has got to be a good thing.

Thanks!

MAJDAVE
Tarun Posted May 30, 2005

> Tarun,
> Thanks for the reply, and the advice. I'll certainly look into downloading those programs. I don't spend as much time on the computer as I used to... having a 16-month-old eats up a lot of the free time. But I like to keep things running as smoothly and painlessly as possible. Having places like this to go to helps when I don't have the time to figure out everything for myself.
> If you ever need help with a helicopter problem, give me a call! LOL
> For any others out there reading this post and wondering if you should take the plunge with HijackThis... go for it! This site provides some fantastic advice and info.
> MAJDAVE

Ooh, a 16-month-old and a misbehaving computer. Well, hopefully now it's one less headache.

> Tarun,
> Follow-up #2... I used HijackThis to remove the lines you recommended. Program performed as advertised... no problem at all. I also downloaded and ran System Restore Remover Pro... another great idea! Took a couple of reboots for everything to come back online, but having all that ME baggage gone has got to be a good thing.
> Thanks!
> MAJDAVE

I'm actually considering adding the System Restore Remover Pro to my tech CD (which needs updating). I've been so busy fixing my site I've neglected it. Glad to hear everything is working well for you. Do post any other problems you may have, be it here or on my Lunarsoft site.