Tech Support banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hi! I am trying to fix my mom's computer. It's really slow and every time she tries to use the internet, she gets all kinds of popups. She also has desktop icons and "favorite links" to porn sites she says she's never visited. I've tried to educate her on never opening links and such, but I fear she has a system in a mess. I appreciate it, and mom thanks you!

Logfile of HijackThis v1.99.1
Scan saved at 5:21:05 PM, on 12/23/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\RARI\MSDTC.EXE
C:\WINDOWS\EAAP\WRH.EXE
C:\PROGRAM FILES\3-BUTTON MOUSE\SCW32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLHOSTMANAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\SERVICES\ANTISPYWAREAPP\VER2_0_7\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zoosecret.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.syspage.com/ads/homepagesai.php?id=start33
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O2 - BHO: (no name) - {B82E53B8-E95E-EBA8-7BE1-B19EF865079A} - C:\WINDOWS\SYSTEM\SLHXBJ.DLL (file missing)
O2 - BHO: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
O4 - HKLM\..\Run: [AT&T WorldNet Update Program] C:\PROGRA~1\WORLDNET\WNS25\Update\lgcsetup.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [kuuhuqrefscul] C:\WINDOWS\SYSTEM\faghmi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [7Cmea] C:\QHGYHXQ.EXE
O4 - HKLM\..\Run: [dinst]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138173744\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [Bwth] "C:\WINDOWS\rari\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwhqd] C:\WINDOWS\Eaap\wrh.exe
O4 - Startup: 3-Button Mouse.lnk = C:\Program Files\3-Button Mouse\Scw32.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Hi....


Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06 . Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer:

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.

Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.

Anti-virus
Also, run this pc through the...
Panda Online virus scanner
or
Trend Micro Housecall Online virus scanner

Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.


Reboot and post a new HJT log when done.
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #3 ·
Any better?

I took your advice and ran all the suggested programs (quite an undertaking on her 28.8 dialup). They each found several problems, and I did delete them. I rebooted and took another scan. However, this scan still looks awful long. Any advice is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:46 PM, on 12/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\RARI\MSDTC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EAAP\WRH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\3-BUTTON MOUSE\SCW32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\SERVICES\ANTISPYWAREAPP\VER2_0_7\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1138173744\EE\AOLSERVICEHOST.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O2 - BHO: (no name) - {B82E53B8-E95E-EBA8-7BE1-B19EF865079A} - C:\WINDOWS\SYSTEM\SLHXBJ.DLL (file missing)
O2 - BHO: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
O4 - HKLM\..\Run: [AT&T WorldNet Update Program] C:\PROGRA~1\WORLDNET\WNS25\Update\lgcsetup.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [kuuhuqrefscul] C:\WINDOWS\SYSTEM\faghmi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [7Cmea] C:\QHGYHXQ.EXE
O4 - HKLM\..\Run: [dinst]
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138173744\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [Bwth] "C:\WINDOWS\rari\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwhqd] C:\WINDOWS\Eaap\wrh.exe
O4 - Startup: 3-Button Mouse.lnk = C:\Program Files\3-Button Mouse\Scw32.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealyellowpageslive.net/live/ezinit.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


R3 - URLSearchHook: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O2 - BHO: (no name) - {B82E53B8-E95E-EBA8-7BE1-B19EF865079A} - C:\WINDOWS\SYSTEM\SLHXBJ.DLL (file missing)
O2 - BHO: (no name) - {81B84A5E-FBBD-F44E-9AFF-F0FA3FDF3B91} - C:\WINDOWS\SYSTEM\AEOKAE.DLL
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [kuuhuqrefscul] C:\WINDOWS\SYSTEM\faghmi.exe
O4 - HKLM\..\Run: [7Cmea] C:\QHGYHXQ.EXE
O4 - HKLM\..\Run: [dinst]
O4 - HKCU\..\Run: [Bwth] "C:\WINDOWS\rari\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwhqd] C:\WINDOWS\Eaap\wrh.exe


Open Windows Explorer and delete the following highlighted file/s

C:\WINDOWS\SYSTEM\AEOKAE.DLL
C:\WINDOWS\SYSTEM\faghmi.exe
C:\QHGYHXQ.EXE
C:\WINDOWS\Eaap\wrh.exe

Reboot and post a new log....
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top