08-20-2005, 10:43 PM   #5
Alex159
Join Date: Aug 2005
Posts: 11
OS: Win98


Alright, I did what you suggested, and here's what I have so far. First, the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:40:33 PM, on 8/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .m4a: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
--------------------------------------------------------------------------


And here's the Panda Active Scan log.


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WGDAP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SRGE.DLL
Adware:adware/mediatickets No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaGatewayX.dll
Adware:adware/enhsrch No disinfected C:\WINDOWS\dinst.exe
Adware:adware/savenow No disinfected C:\WINDOWS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/delfinmedia No disinfected C:\WINDOWS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/apropos No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DRRAW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DJRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DWGSIG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WG2_32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RKCLTC1.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInst.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\n9058rq5.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MRVIDC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GSOUPPOL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\sRge.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Imv16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lskrn13n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SYDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RLGWIZC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CPASPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mvtext40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mvwmdm.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RFAPH.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\FCAMEBUF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SGDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WGDAP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DPCPCSVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CAGMGR32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mjltus40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTRECR40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MUSHRUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MPCMS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mxpmsp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JMVAEE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\KZRNEL32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\demasf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WZTSECUR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav22A1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav22E6.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav6021.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav61A5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8101.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8103.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8112.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8114.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8120.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8124.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8131.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8134.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8140.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8142.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8145.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8151.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8153.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8160.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8161.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8164.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8170.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8172.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8175.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8182.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8191.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8195.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81A1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81D3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81E0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81E3.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\Disabled Startup Items\utrt.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING32.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\gvwvv.dat
Adware:Adware/QoolShown No disinfected C:\WINDOWS\fgfggsk.dll
Adware:Adware/MyDailyHoroscope No disinfected C:\WINDOWS\setup_silent_26223.exe
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xodooar.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dinst.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xdsddp.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\MTE2NzY6ODoxNg.exe
Adware:Adware/eZula No disinfected C:\Program Files\WAV to MP3 Encoder\mm332.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7395.TMP\ProxyStub.dll
Adware:Adware/nCase No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73B5.TMP
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8002.TMP
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20050819175611.zip[RemoveDisplayUtility.exe]


Thanks for all your help so far. I really appreciate it.