0

When I start my computer a box comes up saying "missing shortcut", and a few of the shortcuts that it says are missing are:
morze5.exe
nbjikk9x.exe
j635cgrl.exe
3x23gli3.exe
And every time I click one box off another one comes up. I looked them up on the net and the only one I found was morze5.exe, and I know it's some sort of spyware and whatnot, so I downloaded Ad-aware and XoftSpy. The Ad-aware found some malware and deleted that stuff, but I still get the missing shortcut boxes, and when I run the Ad-aware again it finds the same stuff that it said it deleted. After I run those programs and restart my computer it seems like I get even more missing shortcut boxes.

Are these problems something I can fix, or should I give in and take my computer to get fixed before it dies?

0

Looks like you have/had a virus. Might be an idea to have an online scan, so go to http://housecall.trendmicro.com/ for an on-line scan & set it to autoclean for you.
I know you have Adaware, but I have a 'canned' message that includes it that I will paste here with instructions on how to set it up. Very important to update it often before running it.
Download & install Adaware from http://majorgeeks.com/download.php?det=506 & update it before scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
Also in tweaks under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion.'
Remove what it finds by placing a check in the box to the left of the object.
Download & install Spybot S&D from http://www.safer-networking.org/index.php?page=download Update it before scanning.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it.
To be extra sure that everything is gone you can also download a program called 'HijackThis' which is used to identify & remove foreigners.
Download HijackThis from http://209.133.47.200/~merijn/files/HijackThis.exe & unzip it into its own, permanent folder, not a temporary one. Start HJT & press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file & paste it into the body of your post. DO NOT FIX ANYTHING YET.

0

Thanks, I did everything that you said. Here's the log, I hope this is what you wanted:


Logfile of HijackThis v1.97.7
Scan saved at 5:41:26 PM, on 4/1/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\MONET'S\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [LIU] C:\PROGRAM FILES\LOGITECH\QUICKCAM\RUBICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [D5WAL0A4.EXE] C:\WINDOWS\D5WAL0A4.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: NBJIKK9X.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\TextBridge Plus\Ereg\REMIND32.EXE
O4 - Startup: 4FT20M4B.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Startup: J635CGRL.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Startup: 3X23GLJ3.lnk = C:\WINDOWS\7k0mn61j.exe
O4 - Startup: OX3L9L80.lnk = C:\WINDOWS\ox3l9l80.exe
O4 - Startup: 5M83F3VU.lnk = C:\WINDOWS\7k0mn61j.exe
O4 - Startup: IE0AV37Z.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: XVZP5H1T.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: XRZX60G7.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: J1I5783O.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: WYQ70XWE.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: WH06KMP4.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: XDYL8O08.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: 0BGTYPZN.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: D382KJDP.lnk = C:\WINDOWS\d382kjdp.exe
O4 - Startup: QK3M7B8Y.lnk = C:\WINDOWS\qk3m7b8y.exe
O4 - Startup: B49IHXT1.lnk = C:\WINDOWS\b49ihxt1.exe
O4 - Startup: Y90IY7HN.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: GRM8QKT4.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: BK05ZC5E.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: 6OV8V52Q.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: 7K0MN61J.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: 9A7TNCNH.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: H8IE077I.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: FMZGYVLP.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: 2IH7TJ8Y.lnk = C:\WINDOWS\2ih7tj8y.exe
O4 - Startup: 6DPUI0AD.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: GLJEHB27.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: 6ZUELDYV.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Startup: QOC1DTAG.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: YKWUHMRL.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: RAB3XFXU.lnk = C:\WINDOWS\rab3xfxu.exe
O4 - Startup: RIZ6792K.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: AKAQLPZ3.lnk = C:\WINDOWS\akaqlpz3.exe
O4 - Startup: 556DQX7A.lnk = C:\WINDOWS\556dqx7a.exe
O4 - Startup: G7QKVIRH.lnk = C:\WINDOWS\g7qkvirh.exe
O4 - Startup: 7RMHOUG2.lnk = C:\WINDOWS\7rmhoug2.exe
O4 - Startup: D5WAL0A4.lnk = C:\WINDOWS\d5wal0a4.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\6ov8v52q.exe
O4 - Global Startup: NBJIKK9X.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 4FT20M4B.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: J635CGRL.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 3X23GLJ3.lnk = C:\WINDOWS\3x23glj3.exe
O4 - Global Startup: OX3L9L80.lnk = C:\WINDOWS\ox3l9l80.exe
O4 - Global Startup: 5M83F3VU.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: IE0AV37Z.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: XVZP5H1T.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: XRZX60G7.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: J1I5783O.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: WYQ70XWE.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: WH06KMP4.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: XDYL8O08.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 0BGTYPZN.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: D382KJDP.lnk = C:\WINDOWS\d382kjdp.exe
O4 - Global Startup: QK3M7B8Y.lnk = C:\WINDOWS\qk3m7b8y.exe
O4 - Global Startup: B49IHXT1.lnk = C:\WINDOWS\b49ihxt1.exe
O4 - Global Startup: Y90IY7HN.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: GRM8QKT4.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: BK05ZC5E.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 6OV8V52Q.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 7K0MN61J.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 9A7TNCNH.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: H8IE077I.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: FMZGYVLP.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: 2IH7TJ8Y.lnk = C:\WINDOWS\2ih7tj8y.exe
O4 - Global Startup: 6DPUI0AD.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: GLJEHB27.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: 6ZUELDYV.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: QOC1DTAG.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: YKWUHMRL.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: RAB3XFXU.lnk = C:\WINDOWS\rab3xfxu.exe
O4 - Global Startup: RIZ6792K.lnk = C:\WINDOWS\riz6792k.exe
O4 - Global Startup: AKAQLPZ3.lnk = C:\WINDOWS\akaqlpz3.exe
O4 - Global Startup: 556DQX7A.lnk = C:\WINDOWS\556dqx7a.exe
O4 - Global Startup: G7QKVIRH.lnk = C:\WINDOWS\g7qkvirh.exe
O4 - Global Startup: 7RMHOUG2.lnk = C:\WINDOWS\7rmhoug2.exe
O4 - Global Startup: D5WAL0A4.lnk = C:\WINDOWS\d5wal0a4.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MSN (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06869d73e24033c22119/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

0

Then download the attachment here (Adtomi Cleanup.zip).
And follow the instructions.

Unzip it to C:\Windows
See if there is an Adtomi icon in your system tray, and if so exit from it.


Now locate and Double Click Cleanup.bat that is in the folder you unzipped ( C:\Windows\Adtomi Cleanup )

***Do not Touch the VBS files. The bat file will run the scripts.

It will remove the Adtomi Spyware files from the Windows Folder
Clean the Startup Folders
Create Backups of the Adtomi exe files it deletes and save them in this folder
Create a list of all oddly named files deleted from the Windows Folder
Uninstall the BHO
Start HijackThis and give you directions on what to remove.

Reboot, then post a new log please.

0

here ya go...

Logfile of HijackThis v1.97.7
Scan saved at 12:51:27 AM, on 4/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\MY DOCUMENTS\MONET'S\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [LIU] C:\PROGRAM FILES\LOGITECH\QUICKCAM\RUBICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [SOUNDD] C:\WINDOWS\SYSTEM\SOUNDD.exe
O4 - HKLM\..\Run: [I3KY1Q03.EXE] C:\WINDOWS\I3KY1Q03.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [I3KY1Q03.EXE] C:\WINDOWS\I3KY1Q03.EXE /dk
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\TextBridge Plus\Ereg\REMIND32.EXE
O4 - Startup: MORZE5.lnk.disabled
O4 - Startup: J635CGRL.lnk.disabled
O4 - Startup: OX3L9L80.lnk.disabled
O4 - Startup: IE0AV37Z.lnk.disabled
O4 - Startup: XRZX60G7.lnk.disabled
O4 - Startup: MORZE1.lnk.disabled
O4 - Startup: WYQ70XWE.lnk.disabled
O4 - Startup: XDYL8O08.lnk.disabled
O4 - Startup: D382KJDP.lnk.disabled
O4 - Startup: B49IHXT1.lnk.disabled
O4 - Startup: 7K0MN61J.lnk.disabled
O4 - Startup: GRM8QKT4.lnk.disabled
O4 - Startup: 9A7TNCNH.lnk.disabled
O4 - Startup: FMZGYVLP.lnk.disabled
O4 - Startup: 6DPUI0AD.lnk.disabled
O4 - Startup: 6ZUELDYV.lnk.disabled
O4 - Startup: YKWUHMRL.lnk.disabled
O4 - Startup: QOC1DTAG.lnk.disabled
O4 - Startup: RAB3XFXU.lnk.disabled
O4 - Startup: G7QKVIRH.lnk.disabled
O4 - Startup: D5WAL0A4.lnk.disabled
O4 - Startup: EE8FBV7T.lnk.disabled
O4 - Startup: ELR03ZHU.lnk.disabled
O4 - Startup: QAYFRXNN.lnk.disabled
O4 - Startup: MUPULJ08.lnk.disabled
O4 - Startup: UOZQIM5T.lnk.disabled
O4 - Startup: 6HB07R50.lnk.disabled
O4 - Startup: FFPDJIGU.lnk.disabled
O4 - Startup: 5BEU3YG8.lnk.disabled
O4 - Startup: PF8D0XQ6.lnk.disabled
O4 - Startup: WPTOHVTM.lnk.disabled
O4 - Startup: 6TN47D1C.lnk.disabled
O4 - Startup: 9PRF9DYQ.lnk.disabled
O4 - Startup: 3TGTYLZZ.lnk.disabled
O4 - Startup: 106YZGMZ.lnk.disabled
O4 - Startup: 7RMHOUG2.lnk.disabled
O4 - Startup: 556DQX7A.lnk.disabled
O4 - Startup: AKAQLPZ3.lnk.disabled
O4 - Startup: RIZ6792K.lnk.disabled
O4 - Startup: GLJEHB27.lnk.disabled
O4 - Startup: 2IH7TJ8Y.lnk.disabled
O4 - Startup: H8IE077I.lnk.disabled
O4 - Startup: BK05ZC5E.lnk.disabled
O4 - Startup: 6OV8V52Q.lnk.disabled
O4 - Startup: Y90IY7HN.lnk.disabled
O4 - Startup: QK3M7B8Y.lnk.disabled
O4 - Startup: 0BGTYPZN.lnk.disabled
O4 - Startup: WH06KMP4.lnk.disabled
O4 - Startup: J1I5783O.lnk.disabled
O4 - Startup: XVZP5H1T.lnk.disabled
O4 - Startup: 5M83F3VU.lnk.disabled
O4 - Startup: 3X23GLJ3.lnk.disabled
O4 - Startup: 4FT20M4B.lnk.disabled
O4 - Startup: NBJIKK9X.lnk.disabled
O4 - Global Startup: 4FT20M4B.lnk.disabled
O4 - Global Startup: J635CGRL.lnk.disabled
O4 - Global Startup: OX3L9L80.lnk.disabled
O4 - Global Startup: 5M83F3VU.lnk.disabled
O4 - Global Startup: XVZP5H1T.lnk.disabled
O4 - Global Startup: XRZX60G7.lnk.disabled
O4 - Global Startup: J1I5783O.lnk.disabled
O4 - Global Startup: WYQ70XWE.lnk.disabled
O4 - Global Startup: XDYL8O08.lnk.disabled
O4 - Global Startup: 0BGTYPZN.lnk.disabled
O4 - Global Startup: QK3M7B8Y.lnk.disabled
O4 - Global Startup: B49IHXT1.lnk.disabled
O4 - Global Startup: GRM8QKT4.lnk.disabled
O4 - Global Startup: BK05ZC5E.lnk.disabled
O4 - Global Startup: 7K0MN61J.lnk.disabled
O4 - Global Startup: 9A7TNCNH.lnk.disabled
O4 - Global Startup: FMZGYVLP.lnk.disabled
O4 - Global Startup: 2IH7TJ8Y.lnk.disabled
O4 - Global Startup: GLJEHB27.lnk.disabled
O4 - Global Startup: 6ZUELDYV.lnk.disabled
O4 - Global Startup: YKWUHMRL.lnk.disabled
O4 - Global Startup: RAB3XFXU.lnk.disabled
O4 - Global Startup: AKAQLPZ3.lnk.disabled
O4 - Global Startup: 556DQX7A.lnk.disabled
O4 - Global Startup: 7RMHOUG2.lnk.disabled
O4 - Global Startup: D5WAL0A4.lnk.disabled
O4 - Global Startup: EE8FBV7T.lnk.disabled
O4 - Global Startup: 3TGTYLZZ.lnk.disabled
O4 - Global Startup: 9PRF9DYQ.lnk.disabled
O4 - Global Startup: QAYFRXNN.lnk.disabled
O4 - Global Startup: MUPULJ08.lnk.disabled
O4 - Global Startup: WPTOHVTM.lnk.disabled
O4 - Global Startup: PF8D0XQ6.lnk.disabled
O4 - Global Startup: 6HB07R50.lnk.disabled
O4 - Global Startup: FFPDJIGU.lnk.disabled
O4 - Global Startup: MORZE5.lnk.disabled
O4 - Global Startup: NBJIKK9X.lnk.disabled
O4 - Global Startup: 3X23GLJ3.lnk.disabled
O4 - Global Startup: IE0AV37Z.lnk.disabled
O4 - Global Startup: MORZE1.lnk.disabled
O4 - Global Startup: WH06KMP4.lnk.disabled
O4 - Global Startup: D382KJDP.lnk.disabled
O4 - Global Startup: Y90IY7HN.lnk.disabled
O4 - Global Startup: 6OV8V52Q.lnk.disabled
O4 - Global Startup: H8IE077I.lnk.disabled
O4 - Global Startup: 6DPUI0AD.lnk.disabled
O4 - Global Startup: QOC1DTAG.lnk.disabled
O4 - Global Startup: RIZ6792K.lnk.disabled
O4 - Global Startup: G7QKVIRH.lnk.disabled
O4 - Global Startup: 106YZGMZ.lnk.disabled
O4 - Global Startup: ELR03ZHU.lnk.disabled
O4 - Global Startup: 6TN47D1C.lnk.disabled
O4 - Global Startup: UOZQIM5T.lnk.disabled
O4 - Global Startup: 5BEU3YG8.lnk.disabled
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MSN (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06869d73e24033c22119/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

0

Ok. Will have to do the Adtomi thing again.
First up, press Ctrl+Alt+Del once to bring up Task Manager & stop the running process on the funny named file with 8 assorted letters & numbers, that will be listed towards the bottom of the running process list in your HijackThis log,
and there might also be morze1 running; if so, end that process as well.

In your case the file/ process to stop is : C:\WINDOWS\I3KY1Q03.EXE

Now locate and Double Click Cleanup.bat that is in the folder you unzipped ( C:\Windows\Adtomi Cleanup )

***Do not Touch the VBS files. The bat file will run the scripts.

It will remove the Adtomi Spyware files from the Windows Folder
Clean the Startup Folders
Create Backups of the Adtomi exe files it deletes and save them in this folder
Create a list of all oddly named files deleted from the Windows Folder
Uninstall the BHO
Start HijackThis and give you directions on what to remove.

When you have finished please restart the computer.

Run HijackThis again and post the contents of your new log and the contents of Adtomi.txt in your next reply in your Forum Topic.
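
The pattern this reply points at (startup entries with 8 assorted letters and numbers, all launching executables straight out of C:\WINDOWS), as an added triage example that is not part of the original thread. The sample lines are excerpted from the HijackThis logs posted above; the function names and the two heuristics are assumptions inferred from those logs, not an Adtomi signature.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# O4 lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [I3KY1Q03.EXE] C:\WINDOWS\I3KY1Q03.EXE /dk
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NBJIKK9X.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Startup: FMZGYVLP.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: J1I5783O.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: J635CGRL.lnk = C:\WINDOWS\h8ie077i.exe
O4 - Global Startup: RIZ6792K.lnk = C:\WINDOWS\riz6792k.exe
O4 - Startup: MORZE5.lnk.disabled
"""


class Entry(NamedTuple):
    location: str          # Run key or "Startup" / "Global Startup"
    name: str              # registry value name or shortcut name without .lnk
    target: Optional[str]  # executable path; None for a *.lnk.disabled entry


RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)\.lnk(?: = (.+)|\.disabled)$")
EXE_RE = re.compile(r'^"?([^"]+?\.exe)', re.IGNORECASE)  # drop quotes and arguments
# Assumed heuristic: the shortcut names in the logs are 8 upper-case letters/digits.
GENERATED = re.compile(r"^[A-Z0-9]{8}$")


def parse_o4(log: str) -> list[Entry]:
    """Parse the O4 (autostart) section of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(3))
            entries.append(Entry(m.group(1), m.group(2),
                                 exe.group(1) if exe else m.group(3)))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3)))
    return entries


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS, not in a subfolder."""
    return ntpath.dirname(path).lower() == r"c:\windows"


def triage(entries: list[Entry]):
    """Return (flagged entries, {target: [shortcut names]} for shared targets)."""
    flagged = []
    by_target = defaultdict(list)
    for e in entries:
        # Disabled shortcuts have no target; everything flagged here lives
        # directly in C:\WINDOWS, as in the logs above.
        if e.target is None or not in_windows_root(e.target):
            continue
        if e.location.endswith("Startup"):
            # Startup-folder shortcut with a generated-looking name.
            if GENERATED.match(e.name):
                flagged.append(e)
                by_target[e.target.lower()].append(e.name)
        elif e.name.upper() == ntpath.basename(e.target).upper():
            # Run value named after its own executable, e.g. [I3KY1Q03.EXE].
            flagged.append(e)
    # Several shortcuts launching one executable is the cluster seen in the logs.
    clusters = {t: names for t, names in by_target.items() if len(names) >= 2}
    return flagged, clusters


if __name__ == "__main__":
    flagged, clusters = triage(parse_o4(SAMPLE_LOG))
    for e in flagged:
        print(f"REVIEW  {e.location:<16} {e.name:<14} -> {e.target}")
    for target, names in clusters.items():
        print(f"CLUSTER {target} launched by {', '.join(names)}")
```

A flagged line is a candidate for review, not a verdict: J1I5783O.lnk is flagged even though its target is named HWINFO.EXE, because the shortcut name and location match the pattern.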

0

Here you go. I wasn't sure what the adtomi.txt was, but I put "adtomi.txt" in the FIND thing on my computer and it found it for me. I hope that's the right thing you were looking for...

Logfile of HijackThis v1.97.7
Scan saved at 12:29:33 AM, on 4/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\MONET'S\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [LIU] C:\PROGRAM FILES\LOGITECH\QUICKCAM\RUBICON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [SOUNDD] C:\WINDOWS\SYSTEM\SOUNDD.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\TextBridge Plus\Ereg\REMIND32.EXE
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MSN (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06869d73e24033c22119/netzip/RdxIE601.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

--------------------------------------------------------------------------
Adtomi.txt:

4/5/04 12:50:45 AM
C:\WINDOWS\5beu3yg8.exe
C:\WINDOWS\9prf9dyq.exe
C:\WINDOWS\qayfrxnn.exe
C:\WINDOWS\6hb07r50.exe
C:\WINDOWS\pf8d0xq6.exe
C:\WINDOWS\i3ky1q03.exe
C:\WINDOWS\qq5yfm3i.exe
C:\WINDOWS\rh81tcrx.exe
C:\WINDOWS\jta1w9nd.exe


4/5/04 12:50:53 AM
No Larger Files Found

4/6/04 12:13:17 AM
No Smaller Files Found

4/6/04 12:13:24 AM
No Larger Files Found

0

You've done a really good job there. Well done. We'll just finish cleaning up now. Have only HJT running & fix these entries:

R3 - Default URLSearchHook is missing
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [SOUNDD] C:\WINDOWS\SYSTEM\SOUNDD.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06869d7...ip/RdxIE601.cab

Reboot into safe mode following the instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 & navigate to & delete this file:
C:\WINDOWS\SYSTEM\SOUNDD.exe

Whilst there see if you can find any of these files that the adtomi remover found & remove them. There should be none though.

C:\WINDOWS\5beu3yg8.exe
C:\WINDOWS\9prf9dyq.exe
C:\WINDOWS\qayfrxnn.exe
C:\WINDOWS\6hb07r50.exe
C:\WINDOWS\pf8d0xq6.exe
C:\WINDOWS\i3ky1q03.exe
C:\WINDOWS\qq5yfm3i.exe
C:\WINDOWS\rh81tcrx.exe
C:\WINDOWS\jta1w9nd.exe

Then reboot normally & we should be able to give you the all clear.
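
Three of the entries listed in the reply above (the R3 line and the two O2 lines) are ones HijackThis itself marks as pointing at nothing. As an added example that is not part of the original post, this Python script parses an excerpt of the posted log and picks out those orphaned entries. The function names are made up for the example, and the O4 and O16 picks in the reply rest on the helper's judgement, which this check does not reproduce.

```python
import re

# Excerpt of the HijackThis v1.97.7 log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O4 - HKLM\..\Run: [SOUNDD] C:\WINDOWS\SYSTEM\SOUNDD.exe
"""

# "R3 - ..." / "O16 - ..." style entry lines; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers seen in this log on entries whose target is absent.
ORPHAN_SUFFIXES = ("(file missing)", "(no file)", "is missing")


def parse_entries(log_text):
    """Return one dict per entry line: section code, body, CLSID, orphan flag."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_SUFFIXES),
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose registry value refers to a file or hook that is not there."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["code"], entry["clsid"] or "-", entry["body"])
```

An entry that passes this check is not thereby clean: the SOUNDD.exe Run line has a target path and no marker, yet the reply still lists it for removal.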

0

OK, I did those things, and the files that you told me to look for were not there, just like you said they shouldn't be. But I did, however, find these:

106yzgmz
2ih7t8y
3tgtylzz
9995wko3
b49ihxt1
d382kjdp

Are those good files, or should they be removed also? And some of the backups to the files with the number/letter combinations ended up in my folder, so what do I do with them? I put them in their own folder, but should I delete them?

You've been a great help to me... thank you :)

0

I did however find these:

106yzgmz
2ih7t8y
3tgtylzz
9995wko3
b49ihxt1
d382kjdp

are those good files, or should they be removed also?

Remove them. Remove the backups, as well.
