0

hijackthis log: please review:cool:
Logfile of HijackThis v1.97.7
Scan saved at 4:50:14 PM, on 4/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\SYSTEM\A.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\WINDOWS\SYSTEM\SVDPJJSV.EXE
C:\TOOLS_95\IOWATCH.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE
C:\QUICKENW\QWDLLS.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\BARRY\DESKTOP\MOZILLA\MOZILLA.EXE
C:\PROGRAM FILES\LYCOS MESSENGER\MESSENGER.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SPYWAREBLASTER.EXE
C:\WINDOWS\PROFILES\BARRY\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zianet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZiaNet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {0034C07B-6FB8-43a1-B6C8-FB838EDB558E} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM215.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Mundo ADSL - {BEBF337B-9073-4574-9FC1-E0175BB25292} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [zpdgging] C:\WINDOWS\SYSTEM\svdpjjsv.exe
O4 - HKLM\..\Run: [zkhed] C:\WINDOWS\zkhed.exe
O4 - HKLM\..\Run: [vkx] C:\WINDOWS\vkx.exe
O4 - HKLM\..\Run: [cnih] C:\WINDOWS\cnih.exe
O4 - HKLM\..\Run: [hqpgv] C:\WINDOWS\hqpgv.exe
O4 - HKLM\..\Run: [cdap] C:\WINDOWS\cdap.exe
O4 - HKLM\..\Run: [oxavanqz] C:\WINDOWS\oxavanqz.exe
O4 - HKLM\..\Run: [popupkl] C:\WINDOWS\popupkl.exe
O4 - HKLM\..\Run: [kryr] C:\WINDOWS\kryr.exe
O4 - HKLM\..\Run: [kpmzsr] C:\WINDOWS\kpmzsr.exe
O4 - HKLM\..\Run: [bixilop] C:\WINDOWS\bixilop.exe
O4 - HKLM\..\Run: [fchmxat] C:\WINDOWS\fchmxat.exe
O4 - HKLM\..\Run: [avkvqf] C:\WINDOWS\avkvqf.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [MESSENGER] C:\PROGRAM FILES\LYCOS MESSENGER\MESSENGER.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - User Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - User Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - User Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - User Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - User Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Lycos Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Lycos Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)

2
Contributors
6
Replies
7
Views
13 Years
Discussion Span
Last Post by desertbabe
0

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {0034C07B-6FB8-43a1-B6C8-FB838EDB558E} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM215.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Mundo ADSL - {BEBF337B-9073-4574-9FC1-E0175BB25292} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [zpdgging] C:\WINDOWS\SYSTEM\svdpjjsv.exe
O4 - HKLM\..\Run: [zkhed] C:\WINDOWS\zkhed.exe
O4 - HKLM\..\Run: [vkx] C:\WINDOWS\vkx.exe
O4 - HKLM\..\Run: [cnih] C:\WINDOWS\cnih.exe
O4 - HKLM\..\Run: [hqpgv] C:\WINDOWS\hqpgv.exe
O4 - HKLM\..\Run: [cdap] C:\WINDOWS\cdap.exe
O4 - HKLM\..\Run: [oxavanqz] C:\WINDOWS\oxavanqz.exe
O4 - HKLM\..\Run: [popupkl] C:\WINDOWS\popupkl.exe
O4 - HKLM\..\Run: [kryr] C:\WINDOWS\kryr.exe
O4 - HKLM\..\Run: [kpmzsr] C:\WINDOWS\kpmzsr.exe
O4 - HKLM\..\Run: [bixilop] C:\WINDOWS\bixilop.exe
O4 - HKLM\..\Run: [fchmxat] C:\WINDOWS\fchmxat.exe
O4 - HKLM\..\Run: [avkvqf] C:\WINDOWS\avkvqf.exe
O4 - HKCU\..\Run: [MESSENGER] C:\PROGRAM FILES\LYCOS MESSENGER\MESSENGER.EXE

O9 - Extra button: Lycos Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Lycos Messenger (HKLM)

Reboot into safe mode following the instructions here & navigate to & delete

C:\PROGRAM FILES\MYWEBSEARCH< this folder
C:\PROGRAM FILES\MYWAY< this folder
C:\PROGRAM FILES\LYCOS MESSENGER< this folder
C:\Program Files\Internet Optimizer< this folder
C:\WINDOWS\SYSTEM\SahAgent.exe< this one
C:\WINDOWS\SYSTEM\A.EXE< this one
C:\WINDOWS\SYSTEM\svdpjjsv.exe< this one

Reboot normally & Go here for an on-line scan & set it to autoclean for you.

Post a new log after.

0

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {0034C07B-6FB8-43a1-B6C8-FB838EDB558E} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM215.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Mundo ADSL - {BEBF337B-9073-4574-9FC1-E0175BB25292} - C:\PROGRAM FILES\LYCOS MESSENGER\BARRATOOLS.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [zpdgging] C:\WINDOWS\SYSTEM\svdpjjsv.exe
O4 - HKLM\..\Run: [zkhed] C:\WINDOWS\zkhed.exe
O4 - HKLM\..\Run: [vkx] C:\WINDOWS\vkx.exe
O4 - HKLM\..\Run: [cnih] C:\WINDOWS\cnih.exe
O4 - HKLM\..\Run: [hqpgv] C:\WINDOWS\hqpgv.exe
O4 - HKLM\..\Run: [cdap] C:\WINDOWS\cdap.exe
O4 - HKLM\..\Run: [oxavanqz] C:\WINDOWS\oxavanqz.exe
O4 - HKLM\..\Run: [popupkl] C:\WINDOWS\popupkl.exe
O4 - HKLM\..\Run: [kryr] C:\WINDOWS\kryr.exe
O4 - HKLM\..\Run: [kpmzsr] C:\WINDOWS\kpmzsr.exe
O4 - HKLM\..\Run: [bixilop] C:\WINDOWS\bixilop.exe
O4 - HKLM\..\Run: [fchmxat] C:\WINDOWS\fchmxat.exe
O4 - HKLM\..\Run: [avkvqf] C:\WINDOWS\avkvqf.exe
O4 - HKCU\..\Run: [MESSENGER] C:\PROGRAM FILES\LYCOS MESSENGER\MESSENGER.EXE

O9 - Extra button: Lycos Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Lycos Messenger (HKLM)

Reboot into safe mode following the instructions here & navigate to & delete

C:\PROGRAM FILES\MYWEBSEARCH< this folder
C:\PROGRAM FILES\MYWAY< this folder
C:\PROGRAM FILES\LYCOS MESSENGER< this folder
C:\Program Files\Internet Optimizer< this folder
C:\WINDOWS\SYSTEM\SahAgent.exe< this one
C:\WINDOWS\SYSTEM\A.EXE< this one
C:\WINDOWS\SYSTEM\svdpjjsv.exe< this one

Reboot normally & Go here for an on-line scan & set it to autoclean for you.

Post a new log after.

Thank you Crunchie!! I followed all instructions with hope!! Here is my latest log. :p

Logfile of HijackThis v1.97.7
Scan saved at 3:33:02 PM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MOZILLA\MOZILLA.EXE
C:\WINDOWS\PROFILES\BARRY\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zianet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZiaNet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zpdgging] C:\WINDOWS\SYSTEM\svdpjjsv.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - User Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - User Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - User Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - User Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - User Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

0

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL

O4 - HKLM\..\Run: [zpdgging] C:\WINDOWS\SYSTEM\svdpjjsv.exe

Reboot into safe mode following the instructions here & navigate to & delete

C:\WINDOWS\SYSTEM\svdpjjsv.exe< this one
C:\PROGRA~1\TOOLBAR< this one

Reboot normally after doing the above then post a fresh log plz.

0

Followed instructions, latest hj log included:

Logfile of HijackThis v1.97.7
Scan saved at 5:04:02 PM, on 5/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\TOOLS_95\IOWATCH.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\BARRY\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zianet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ZiaNet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - User Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - User Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - User Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - User Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - User Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
:D

0

Thank you soooo much Mr. Crunchie! The services you provide are just awesome. :)

Good job, you got them.

Check out the "So how did I get infected to start with..." thread here.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.