EXE & Shortcut Errors on Startup

Discussion in 'adware, spyware & hijack cleaning' started by mudkitty, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. mudkitty

    mudkitty Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    EXE & Shortcut Errors on startup
    Need some help here guys!

    While looking for a solution to this problem, I have noticed a few others with the same problem, but no one seems to know what to do, so hopefully you wizzes out there can help.

    On one of our computers we are running Win98. After the pc loads, we immediately get a pop up saying
    "Missing Shortcut - Windows is searching for morze1.exe (or any another random file, e.g. a5qqoqlj.exe) To locate file yourself click browse"
    if you cancel it just pops up another one. Then it will pop up
    "Problem with Shortcut - file has been moved or changed. the nearest match is ** (a another random file) Do you want to point to this file"
    You cant get rid of it.

    If we look at our msconfig, it is continously adding these random files to our startup.

    We ran a hijackthis log: you can access it at www.aokoffice.com/hijackthis.log
    I am a novice to hijackthis program, so i have made no changes to it. We have ran virus programs, nothing found and have ran Adaware with the lastest update.

    Any ideas, thoughts or suggestions? Also, not sure if it is related, we also cannot click on the start bar or taskbar.

    Thanks for any help,

    Lisa

    Logfile of HijackThis v1.97.7
    Scan saved at 11:52:31 AM, on 4/1/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATSRV\SPSTSRV32.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\SPEMAILASSIST.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\WINDOWS\SYSTEM\DEVMONX.EXE
    C:\PROGRAM FILES\SHARP\SHARPDESK\SHARPTRAY.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATCLI\SPSTCLI32.EXE
    C:\WINDOWS\Twunk_16.exe
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATCLI\SPSTDISP32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\C7UO9YJR.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Conexant3] C:\PROGRA~1\SHARP\LASERM~1\MFPSS\STATSRV\SPSTSR~1.EXE
    O4 - HKLM\..\Run: [Conexant4] C:\PROGRA~1\SHARP\LASERM~1\SPEMAI~1.EXE
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [C7UO9YJR.EXE] C:\WINDOWS\C7UO9YJR.EXE /dk
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [C7UO9YJR.EXE] C:\WINDOWS\C7UO9YJR.EXE /dk
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: MORZE2.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: GXNN1FV5.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: P2800OTO.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: ZRUNYNV0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: OMTX8A83.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 0AB9UM8N.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MIAKQPQD.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: WB4LF8Y3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 60H0P5BM.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 89ROM048.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: FTA3Y9A0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Startup: C9TKX30G.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: PIN20JFJ.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: 7PNQ9F3G.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: EQ1HIUEA.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: THAQJU4I.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MLTY3KZ6.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: 0Y5K5RON.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: UU62ICD3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: TU5WNWP2.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - Startup: TUXMQMEN.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: VU1YZANM.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: XH2IZXA1.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: 0VHB9IJ0.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: D9Y3B1DN.lnk = C:\WINDOWS\d9y3b1dn.exe
    O4 - Startup: 5RN5A0GH.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - Startup: 51EO7W23.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - Startup: C8T1K5K0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: LQFOHHYN.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - Startup: I0DFYL30.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: G0R7H28R.lnk = C:\WINDOWS\g0r7h28r.exe
    O4 - Startup: OD9G0TBQ.lnk = C:\WINDOWS\od9g0tbq.exe
    O4 - Startup: 74LGBQ0P.lnk = C:\WINDOWS\74lgbq0p.exe
    O4 - Startup: 6OZZWJLL.lnk = C:\WINDOWS\6ozzwjll.exe
    O4 - Startup: P038GBJD.lnk = C:\WINDOWS\p038gbjd.exe
    O4 - Startup: E29FU2L7.lnk = C:\WINDOWS\e29fu2l7.exe
    O4 - Startup: BKDJRWN1.lnk = C:\WINDOWS\bkdjrwn1.exe
    O4 - Startup: HIQTYMY5.lnk = C:\WINDOWS\hiqtymy5.exe
    O4 - Startup: D8CNAM35.lnk = C:\WINDOWS\d8cnam35.exe
    O4 - Startup: 0UXGLBKT.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: G67600GW.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - Startup: 33UU42E2.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: XZQE31LI.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: 7BFNII2T.lnk = C:\WINDOWS\7bfnii2t.exe
    O4 - Startup: JJ0UYIAE.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: 16ZL27DZ.lnk = C:\WINDOWS\16zl27dz.exe
    O4 - Startup: MIQY4VH1.lnk = C:\WINDOWS\miqy4vh1.exe
    O4 - Startup: MHFKRT8D.lnk = C:\WINDOWS\mhfkrt8d.exe
    O4 - Startup: E6AWAFLO.lnk = C:\WINDOWS\e6awaflo.exe
    O4 - Startup: WQM4NBM1.lnk = C:\WINDOWS\wqm4nbm1.exe
    O4 - Startup: 15RLZJ6O.lnk = C:\WINDOWS\15rlzj6o.exe
    O4 - Startup: 4HN4FHOH.lnk = C:\WINDOWS\4hn4fhoh.exe
    O4 - Startup: JOT0THOE.lnk = C:\WINDOWS\jot0thoe.exe
    O4 - Startup: 44TUJ1H3.lnk = C:\WINDOWS\44tuj1h3.exe
    O4 - Startup: TU3FMH2N.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: KJTI4UWC.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: QCD9TJKQ.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: DE3WRZFD.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: Z20112XE.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: 91OY3V1Z.lnk = C:\WINDOWS\91oy3v1z.exe
    O4 - Startup: 2WYM0NJ0.lnk = C:\WINDOWS\2wym0nj0.exe
    O4 - Startup: ZKAM5LT3.lnk = C:\WINDOWS\zkam5lt3.exe
    O4 - Startup: 6GRC2HDT.lnk = C:\WINDOWS\6grc2hdt.exe
    O4 - Startup: 8I9T1L31.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: CF93E62R.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: 5L7DKOD5.lnk = C:\WINDOWS\5l7dkod5.exe
    O4 - Startup: YLOBMUK9.lnk = C:\WINDOWS\ylobmuk9.exe
    O4 - Startup: K20PJY1I.lnk = C:\WINDOWS\k20pjy1i.exe
    O4 - Startup: RUC8C9JJ.lnk = C:\WINDOWS\ruc8c9jj.exe
    O4 - Startup: 0PXP0B3C.lnk = C:\WINDOWS\0pxp0b3c.exe
    O4 - Startup: D0NZF0UZ.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - Startup: G99VC4YK.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: HB3RKLX9.lnk = C:\WINDOWS\hb3rklx9.exe
    O4 - Startup: 75BDO96P.lnk = C:\WINDOWS\75bdo96p.exe
    O4 - Startup: MAZ2NACZ.lnk = C:\WINDOWS\maz2nacz.exe
    O4 - Startup: YN04MU8N.lnk = C:\WINDOWS\yn04mu8n.exe
    O4 - Startup: MTPYZCCR.lnk = C:\WINDOWS\mtpyzccr.exe
    O4 - Startup: 1Q16FV45.lnk = C:\WINDOWS\1q16fv45.exe
    O4 - Startup: 8KFAZR99.lnk = C:\WINDOWS\8kfazr99.exe
    O4 - Startup: XH78QJ2A.lnk = C:\WINDOWS\xh78qj2a.exe
    O4 - Startup: 183OFRXT.lnk = C:\WINDOWS\183ofrxt.exe
    O4 - Startup: 4BE9CWH5.lnk = C:\WINDOWS\4be9cwh5.exe
    O4 - Startup: L0F89J00.lnk = C:\WINDOWS\l0f89j00.exe
    O4 - Startup: 2TEHBB6P.lnk = C:\WINDOWS\2tehbb6p.exe
    O4 - Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O4 - Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - User Startup: MORZE2.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: GXNN1FV5.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: P2800OTO.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: ZRUNYNV0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: OMTX8A83.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 0AB9UM8N.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MIAKQPQD.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: WB4LF8Y3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 60H0P5BM.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 89ROM048.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: FTA3Y9A0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - User Startup: C9TKX30G.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: PIN20JFJ.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: 7PNQ9F3G.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: EQ1HIUEA.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: THAQJU4I.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MLTY3KZ6.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: 0Y5K5RON.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: UU62ICD3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: TU5WNWP2.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - User Startup: TUXMQMEN.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: VU1YZANM.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: XH2IZXA1.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: 0VHB9IJ0.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: D9Y3B1DN.lnk = C:\WINDOWS\d9y3b1dn.exe
    O4 - User Startup: 5RN5A0GH.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - User Startup: 51EO7W23.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - User Startup: C8T1K5K0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: LQFOHHYN.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - User Startup: I0DFYL30.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: G0R7H28R.lnk = C:\WINDOWS\g0r7h28r.exe
    O4 - User Startup: OD9G0TBQ.lnk = C:\WINDOWS\od9g0tbq.exe
    O4 - User Startup: 74LGBQ0P.lnk = C:\WINDOWS\74lgbq0p.exe
    O4 - User Startup: 6OZZWJLL.lnk = C:\WINDOWS\6ozzwjll.exe
    O4 - User Startup: P038GBJD.lnk = C:\WINDOWS\p038gbjd.exe
    O4 - User Startup: E29FU2L7.lnk = C:\WINDOWS\e29fu2l7.exe
    O4 - User Startup: BKDJRWN1.lnk = C:\WINDOWS\bkdjrwn1.exe
    O4 - User Startup: HIQTYMY5.lnk = C:\WINDOWS\hiqtymy5.exe
    O4 - User Startup: D8CNAM35.lnk = C:\WINDOWS\d8cnam35.exe
    O4 - User Startup: 0UXGLBKT.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: G67600GW.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - User Startup: 33UU42E2.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: XZQE31LI.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: 7BFNII2T.lnk = C:\WINDOWS\7bfnii2t.exe
    O4 - User Startup: JJ0UYIAE.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - User Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: 16ZL27DZ.lnk = C:\WINDOWS\16zl27dz.exe
    O4 - User Startup: MIQY4VH1.lnk = C:\WINDOWS\miqy4vh1.exe
    O4 - User Startup: MHFKRT8D.lnk = C:\WINDOWS\mhfkrt8d.exe
    O4 - User Startup: E6AWAFLO.lnk = C:\WINDOWS\e6awaflo.exe
    O4 - User Startup: WQM4NBM1.lnk = C:\WINDOWS\wqm4nbm1.exe
    O4 - User Startup: 15RLZJ6O.lnk = C:\WINDOWS\15rlzj6o.exe
    O4 - User Startup: 4HN4FHOH.lnk = C:\WINDOWS\4hn4fhoh.exe
    O4 - User Startup: JOT0THOE.lnk = C:\WINDOWS\jot0thoe.exe
    O4 - User Startup: 44TUJ1H3.lnk = C:\WINDOWS\44tuj1h3.exe
    O4 - User Startup: TU3FMH2N.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: KJTI4UWC.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: QCD9TJKQ.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: DE3WRZFD.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: Z20112XE.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: 91OY3V1Z.lnk = C:\WINDOWS\91oy3v1z.exe
    O4 - User Startup: 2WYM0NJ0.lnk = C:\WINDOWS\2wym0nj0.exe
    O4 - User Startup: ZKAM5LT3.lnk = C:\WINDOWS\zkam5lt3.exe
    O4 - User Startup: 6GRC2HDT.lnk = C:\WINDOWS\6grc2hdt.exe
    O4 - User Startup: 8I9T1L31.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: CF93E62R.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: 5L7DKOD5.lnk = C:\WINDOWS\5l7dkod5.exe
    O4 - User Startup: YLOBMUK9.lnk = C:\WINDOWS\ylobmuk9.exe
    O4 - User Startup: K20PJY1I.lnk = C:\WINDOWS\k20pjy1i.exe
    O4 - User Startup: RUC8C9JJ.lnk = C:\WINDOWS\ruc8c9jj.exe
    O4 - User Startup: 0PXP0B3C.lnk = C:\WINDOWS\0pxp0b3c.exe
    O4 - User Startup: D0NZF0UZ.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - User Startup: G99VC4YK.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: HB3RKLX9.lnk = C:\WINDOWS\hb3rklx9.exe
    O4 - User Startup: 75BDO96P.lnk = C:\WINDOWS\75bdo96p.exe
    O4 - User Startup: MAZ2NACZ.lnk = C:\WINDOWS\maz2nacz.exe
    O4 - User Startup: YN04MU8N.lnk = C:\WINDOWS\yn04mu8n.exe
    O4 - User Startup: MTPYZCCR.lnk = C:\WINDOWS\mtpyzccr.exe
    O4 - User Startup: 1Q16FV45.lnk = C:\WINDOWS\1q16fv45.exe
    O4 - User Startup: 8KFAZR99.lnk = C:\WINDOWS\8kfazr99.exe
    O4 - User Startup: XH78QJ2A.lnk = C:\WINDOWS\xh78qj2a.exe
    O4 - User Startup: 183OFRXT.lnk = C:\WINDOWS\183ofrxt.exe
    O4 - User Startup: 4BE9CWH5.lnk = C:\WINDOWS\4be9cwh5.exe
    O4 - User Startup: L0F89J00.lnk = C:\WINDOWS\l0f89j00.exe
    O4 - User Startup: 2TEHBB6P.lnk = C:\WINDOWS\2tehbb6p.exe
    O4 - User Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - User Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - User Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - User Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - User Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - User Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - User Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - User Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - User Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - User Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - User Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - User Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - User Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - User Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - User Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - User Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O4 - User Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O4 - Global Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - Global Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Global Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - Global Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - Global Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Global Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Global Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - Global Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - Global Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - Global Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - Global Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - Global Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - Global Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - Global Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - Global Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - Global Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - Global Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - Global Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - Global Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.512974537
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {8E0B62E8-7811-4287-8026-9FE822D326B8} - http://www.webcademy.com/downloads/Install/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.9.27.1/ttinst.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

    edited by dvk01 to post hjt log
     
    mudkitty, Apr 1, 2004
    #1
  2. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    mudkitty

    I would be better if you post your log here as a reply, instead of linking to a website.
     
    M2S, Apr 1, 2004
    #2
  3. mudkitty

    mudkitty Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    Okay, Thanks!

    Logfile of HijackThis v1.97.7
    Scan saved at 11:52:31 AM, on 4/1/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATSRV\SPSTSRV32.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\SPEMAILASSIST.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\WINDOWS\SYSTEM\DEVMONX.EXE
    C:\PROGRAM FILES\SHARP\SHARPDESK\SHARPTRAY.EXE
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATCLI\SPSTCLI32.EXE
    C:\WINDOWS\Twunk_16.exe
    C:\PROGRAM FILES\SHARP\LASER MULTIFUNCTION\MFPSS\STATCLI\SPSTDISP32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\C7UO9YJR.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Conexant3] C:\PROGRA~1\SHARP\LASERM~1\MFPSS\STATSRV\SPSTSR~1.EXE
    O4 - HKLM\..\Run: [Conexant4] C:\PROGRA~1\SHARP\LASERM~1\SPEMAI~1.EXE
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [C7UO9YJR.EXE] C:\WINDOWS\C7UO9YJR.EXE /dk
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [C7UO9YJR.EXE] C:\WINDOWS\C7UO9YJR.EXE /dk
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: MORZE2.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: GXNN1FV5.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: P2800OTO.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: ZRUNYNV0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: OMTX8A83.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 0AB9UM8N.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MIAKQPQD.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: WB4LF8Y3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 60H0P5BM.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 89ROM048.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: FTA3Y9A0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Startup: C9TKX30G.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: PIN20JFJ.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: 7PNQ9F3G.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: EQ1HIUEA.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: THAQJU4I.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: MLTY3KZ6.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: 0Y5K5RON.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: UU62ICD3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: TU5WNWP2.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - Startup: TUXMQMEN.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: VU1YZANM.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: XH2IZXA1.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: 0VHB9IJ0.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - Startup: D9Y3B1DN.lnk = C:\WINDOWS\d9y3b1dn.exe
    O4 - Startup: 5RN5A0GH.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - Startup: 51EO7W23.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - Startup: C8T1K5K0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: LQFOHHYN.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - Startup: I0DFYL30.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: G0R7H28R.lnk = C:\WINDOWS\g0r7h28r.exe
    O4 - Startup: OD9G0TBQ.lnk = C:\WINDOWS\od9g0tbq.exe
    O4 - Startup: 74LGBQ0P.lnk = C:\WINDOWS\74lgbq0p.exe
    O4 - Startup: 6OZZWJLL.lnk = C:\WINDOWS\6ozzwjll.exe
    O4 - Startup: P038GBJD.lnk = C:\WINDOWS\p038gbjd.exe
    O4 - Startup: E29FU2L7.lnk = C:\WINDOWS\e29fu2l7.exe
    O4 - Startup: BKDJRWN1.lnk = C:\WINDOWS\bkdjrwn1.exe
    O4 - Startup: HIQTYMY5.lnk = C:\WINDOWS\hiqtymy5.exe
    O4 - Startup: D8CNAM35.lnk = C:\WINDOWS\d8cnam35.exe
    O4 - Startup: 0UXGLBKT.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: G67600GW.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - Startup: 33UU42E2.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: XZQE31LI.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - Startup: 7BFNII2T.lnk = C:\WINDOWS\7bfnii2t.exe
    O4 - Startup: JJ0UYIAE.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Startup: 16ZL27DZ.lnk = C:\WINDOWS\16zl27dz.exe
    O4 - Startup: MIQY4VH1.lnk = C:\WINDOWS\miqy4vh1.exe
    O4 - Startup: MHFKRT8D.lnk = C:\WINDOWS\mhfkrt8d.exe
    O4 - Startup: E6AWAFLO.lnk = C:\WINDOWS\e6awaflo.exe
    O4 - Startup: WQM4NBM1.lnk = C:\WINDOWS\wqm4nbm1.exe
    O4 - Startup: 15RLZJ6O.lnk = C:\WINDOWS\15rlzj6o.exe
    O4 - Startup: 4HN4FHOH.lnk = C:\WINDOWS\4hn4fhoh.exe
    O4 - Startup: JOT0THOE.lnk = C:\WINDOWS\jot0thoe.exe
    O4 - Startup: 44TUJ1H3.lnk = C:\WINDOWS\44tuj1h3.exe
    O4 - Startup: TU3FMH2N.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: KJTI4UWC.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: QCD9TJKQ.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - Startup: DE3WRZFD.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: Z20112XE.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Startup: 91OY3V1Z.lnk = C:\WINDOWS\91oy3v1z.exe
    O4 - Startup: 2WYM0NJ0.lnk = C:\WINDOWS\2wym0nj0.exe
    O4 - Startup: ZKAM5LT3.lnk = C:\WINDOWS\zkam5lt3.exe
    O4 - Startup: 6GRC2HDT.lnk = C:\WINDOWS\6grc2hdt.exe
    O4 - Startup: 8I9T1L31.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - Startup: CF93E62R.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: 5L7DKOD5.lnk = C:\WINDOWS\5l7dkod5.exe
    O4 - Startup: YLOBMUK9.lnk = C:\WINDOWS\ylobmuk9.exe
    O4 - Startup: K20PJY1I.lnk = C:\WINDOWS\k20pjy1i.exe
    O4 - Startup: RUC8C9JJ.lnk = C:\WINDOWS\ruc8c9jj.exe
    O4 - Startup: 0PXP0B3C.lnk = C:\WINDOWS\0pxp0b3c.exe
    O4 - Startup: D0NZF0UZ.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - Startup: G99VC4YK.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - Startup: HB3RKLX9.lnk = C:\WINDOWS\hb3rklx9.exe
    O4 - Startup: 75BDO96P.lnk = C:\WINDOWS\75bdo96p.exe
    O4 - Startup: MAZ2NACZ.lnk = C:\WINDOWS\maz2nacz.exe
    O4 - Startup: YN04MU8N.lnk = C:\WINDOWS\yn04mu8n.exe
    O4 - Startup: MTPYZCCR.lnk = C:\WINDOWS\mtpyzccr.exe
    O4 - Startup: 1Q16FV45.lnk = C:\WINDOWS\1q16fv45.exe
    O4 - Startup: 8KFAZR99.lnk = C:\WINDOWS\8kfazr99.exe
    O4 - Startup: XH78QJ2A.lnk = C:\WINDOWS\xh78qj2a.exe
    O4 - Startup: 183OFRXT.lnk = C:\WINDOWS\183ofrxt.exe
    O4 - Startup: 4BE9CWH5.lnk = C:\WINDOWS\4be9cwh5.exe
    O4 - Startup: L0F89J00.lnk = C:\WINDOWS\l0f89j00.exe
    O4 - Startup: 2TEHBB6P.lnk = C:\WINDOWS\2tehbb6p.exe
    O4 - Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O4 - Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - User Startup: MORZE2.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: GXNN1FV5.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: P2800OTO.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: ZRUNYNV0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: OMTX8A83.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 0AB9UM8N.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MIAKQPQD.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: WB4LF8Y3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 60H0P5BM.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 89ROM048.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: FTA3Y9A0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - User Startup: C9TKX30G.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: PIN20JFJ.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: 7PNQ9F3G.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: EQ1HIUEA.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: THAQJU4I.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: MLTY3KZ6.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: 0Y5K5RON.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: UU62ICD3.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: TU5WNWP2.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - User Startup: TUXMQMEN.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: VU1YZANM.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: XH2IZXA1.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: 0VHB9IJ0.lnk = C:\WINDOWS\0vhb9ij0.exe
    O4 - User Startup: D9Y3B1DN.lnk = C:\WINDOWS\d9y3b1dn.exe
    O4 - User Startup: 5RN5A0GH.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - User Startup: 51EO7W23.lnk = C:\WINDOWS\51eo7w23.exe
    O4 - User Startup: C8T1K5K0.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: LQFOHHYN.lnk = C:\WINDOWS\8i9t1l31.exe
    O4 - User Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - User Startup: I0DFYL30.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: G0R7H28R.lnk = C:\WINDOWS\g0r7h28r.exe
    O4 - User Startup: OD9G0TBQ.lnk = C:\WINDOWS\od9g0tbq.exe
    O4 - User Startup: 74LGBQ0P.lnk = C:\WINDOWS\74lgbq0p.exe
    O4 - User Startup: 6OZZWJLL.lnk = C:\WINDOWS\6ozzwjll.exe
    O4 - User Startup: P038GBJD.lnk = C:\WINDOWS\p038gbjd.exe
    O4 - User Startup: E29FU2L7.lnk = C:\WINDOWS\e29fu2l7.exe
    O4 - User Startup: BKDJRWN1.lnk = C:\WINDOWS\bkdjrwn1.exe
    O4 - User Startup: HIQTYMY5.lnk = C:\WINDOWS\hiqtymy5.exe
    O4 - User Startup: D8CNAM35.lnk = C:\WINDOWS\d8cnam35.exe
    O4 - User Startup: 0UXGLBKT.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: G67600GW.lnk = C:\WINDOWS\tu5wnwp2.exe
    O4 - User Startup: 33UU42E2.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: XZQE31LI.lnk = C:\WINDOWS\jj0uyiae.exe
    O4 - User Startup: 7BFNII2T.lnk = C:\WINDOWS\7bfnii2t.exe
    O4 - User Startup: JJ0UYIAE.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - User Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - User Startup: 16ZL27DZ.lnk = C:\WINDOWS\16zl27dz.exe
    O4 - User Startup: MIQY4VH1.lnk = C:\WINDOWS\miqy4vh1.exe
    O4 - User Startup: MHFKRT8D.lnk = C:\WINDOWS\mhfkrt8d.exe
    O4 - User Startup: E6AWAFLO.lnk = C:\WINDOWS\e6awaflo.exe
    O4 - User Startup: WQM4NBM1.lnk = C:\WINDOWS\wqm4nbm1.exe
    O4 - User Startup: 15RLZJ6O.lnk = C:\WINDOWS\15rlzj6o.exe
    O4 - User Startup: 4HN4FHOH.lnk = C:\WINDOWS\4hn4fhoh.exe
    O4 - User Startup: JOT0THOE.lnk = C:\WINDOWS\jot0thoe.exe
    O4 - User Startup: 44TUJ1H3.lnk = C:\WINDOWS\44tuj1h3.exe
    O4 - User Startup: TU3FMH2N.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: KJTI4UWC.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: QCD9TJKQ.lnk = C:\WINDOWS\cf93e62r.exe
    O4 - User Startup: DE3WRZFD.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: Z20112XE.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - User Startup: 91OY3V1Z.lnk = C:\WINDOWS\91oy3v1z.exe
    O4 - User Startup: 2WYM0NJ0.lnk = C:\WINDOWS\2wym0nj0.exe
    O4 - User Startup: ZKAM5LT3.lnk = C:\WINDOWS\zkam5lt3.exe
    O4 - User Startup: 6GRC2HDT.lnk = C:\WINDOWS\6grc2hdt.exe
    O4 - User Startup: 8I9T1L31.lnk = C:\WINDOWS\xh2izxa1.exe
    O4 - User Startup: CF93E62R.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: 5L7DKOD5.lnk = C:\WINDOWS\5l7dkod5.exe
    O4 - User Startup: YLOBMUK9.lnk = C:\WINDOWS\ylobmuk9.exe
    O4 - User Startup: K20PJY1I.lnk = C:\WINDOWS\k20pjy1i.exe
    O4 - User Startup: RUC8C9JJ.lnk = C:\WINDOWS\ruc8c9jj.exe
    O4 - User Startup: 0PXP0B3C.lnk = C:\WINDOWS\0pxp0b3c.exe
    O4 - User Startup: D0NZF0UZ.lnk = C:\WINDOWS\d0nzf0uz.exe
    O4 - User Startup: G99VC4YK.lnk = C:\WINDOWS\g99vc4yk.exe
    O4 - User Startup: HB3RKLX9.lnk = C:\WINDOWS\hb3rklx9.exe
    O4 - User Startup: 75BDO96P.lnk = C:\WINDOWS\75bdo96p.exe
    O4 - User Startup: MAZ2NACZ.lnk = C:\WINDOWS\maz2nacz.exe
    O4 - User Startup: YN04MU8N.lnk = C:\WINDOWS\yn04mu8n.exe
    O4 - User Startup: MTPYZCCR.lnk = C:\WINDOWS\mtpyzccr.exe
    O4 - User Startup: 1Q16FV45.lnk = C:\WINDOWS\1q16fv45.exe
    O4 - User Startup: 8KFAZR99.lnk = C:\WINDOWS\8kfazr99.exe
    O4 - User Startup: XH78QJ2A.lnk = C:\WINDOWS\xh78qj2a.exe
    O4 - User Startup: 183OFRXT.lnk = C:\WINDOWS\183ofrxt.exe
    O4 - User Startup: 4BE9CWH5.lnk = C:\WINDOWS\4be9cwh5.exe
    O4 - User Startup: L0F89J00.lnk = C:\WINDOWS\l0f89j00.exe
    O4 - User Startup: 2TEHBB6P.lnk = C:\WINDOWS\2tehbb6p.exe
    O4 - User Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - User Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - User Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - User Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - User Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - User Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - User Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - User Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - User Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - User Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - User Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - User Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - User Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - User Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - User Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - User Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O4 - User Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O4 - Global Startup: A5QQOQ1J.lnk = C:\WINDOWS\a5qqoq1j.exe
    O4 - Global Startup: ZJKAH6O0.lnk = C:\WINDOWS\zjkah6o0.exe
    O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
    O4 - Global Startup: N5B6CW80.lnk = C:\WINDOWS\n5b6cw80.exe
    O4 - Global Startup: TVX9E7VK.lnk = C:\WINDOWS\tvx9e7vk.exe
    O4 - Global Startup: 0KNAUA9E.lnk = C:\WINDOWS\0knaua9e.exe
    O4 - Global Startup: C6XT9DXB.lnk = C:\WINDOWS\c6xt9dxb.exe
    O4 - Global Startup: 9IJAUILU.lnk = C:\WINDOWS\9ijauilu.exe
    O4 - Global Startup: J721C5B0.lnk = C:\WINDOWS\j721c5b0.exe
    O4 - Global Startup: 7IJUY1O6.lnk = C:\WINDOWS\7ijuy1o6.exe
    O4 - Global Startup: 257GM903.lnk = C:\WINDOWS\257gm903.exe
    O4 - Global Startup: QP9IFT6Z.lnk = C:\WINDOWS\qp9ift6z.exe
    O4 - Global Startup: 0VQCJ1KI.lnk = C:\WINDOWS\0vqcj1ki.exe
    O4 - Global Startup: E14OP80J.lnk = C:\WINDOWS\e14op80j.exe
    O4 - Global Startup: M0BKDVFO.lnk = C:\WINDOWS\m0bkdvfo.exe
    O4 - Global Startup: 03BYRI2Z.lnk = C:\WINDOWS\03byri2z.exe
    O4 - Global Startup: KV07WAVJ.lnk = C:\WINDOWS\kv07wavj.exe
    O4 - Global Startup: LVILVP92.lnk = C:\WINDOWS\lvilvp92.exe
    O4 - Global Startup: WN8205MR.lnk = C:\WINDOWS\wn8205mr.exe
    O4 - Global Startup: C7UO9YJR.lnk = C:\WINDOWS\c7uo9yjr.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
    O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.512974537
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {8E0B62E8-7811-4287-8026-9FE822D326B8} - http://www.webcademy.com/downloads/Install/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.9.27.1/ttinst.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
     
    mudkitty, Apr 1, 2004
    #3
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    download this file here (Adtomi Cleanup.zip).
    http://www.wilderssecurity.com/attachments/9x_Adtomi_Cleanup.zip for 98 or ME
    http://www.wilderssecurity.com/attachments/XPAdtomi_Cleanup.zip for XP

    or alternatively from
    http://www.thespykiller.co.uk/downloads.htm


    It was created by Mosaic1 and is available here with her kind permission
    And follow the instructions.

    First If you have a Script Blocking Program enabled, disable it first so the scripts may run.

    Unzip it to C:\Windows

    See if there is an Adtomi or yahoo stocks icon in your system tray , it might be a red ?? and if so right click and select remove , you must be online for this part

    --A web page from Adtomi would appear "-uninstall was succesful!"
    then go off line
    (note not all infections have this icon, so if it isn't there then don't worry)

    next press ctrl+ ALT+DEL once to bring up task manage & stop the running process on the funny named file with 8 assorted letters & numbers, that will be listed towards the bottom of the running process list in your hijackthis log,
    and there might also be morze1 running, if so end that process as well
    in your case the process to stop is C7UO9YJR.EXE

    if you can't stop it running, then DO NOT CONTINUE, please ask for more help first

    Now locate and Double Click Cleanup.bat that is in the folder you unzipped ( C:\Windows\Adtomi Cleanup )

    ***Do not Touch the VBS files. The bat file will run the scripts.

    It will remove the Adtomi Spyware files from the Windows Folder
    Clean the Startup Folders
    Create Backups of the Adtomi exe files it deletes and save them in this folder
    Create a list of all oddly named files deleted from the Windows Folder
    Uninstall the BHO
    Start HijackThis and give you directions on what to remove.

    When you have finished please restart the computer.

    Run HijackThis again and post the contents of your new log and the contents of Adtomi.txt in your next reply in your Forum Topic.
     
    dvk01, Apr 1, 2004
    #4
  5. mudkitty

    mudkitty Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    So far it has worked ! Thank you.


    Here is the Hijackthis log. Once again thanks and if i have any more problems i will let you know

    ~lisa

    Logfile of HijackThis v1.97.7
    Scan saved at 4:27:57 PM, on 4/1/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SHARP\SHARPDESK\SHARPTRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\SHERI\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - User Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37902.512974537
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {8E0B62E8-7811-4287-8026-9FE822D326B8} - http://www.webcademy.com/downloads/Install/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.9.27.1/ttinst.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
     
    mudkitty, Apr 1, 2004
    #5
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi mudkitty,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)

    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

    Download CWShredder and run. Be sure ALL other windows are closed and use the Fix button and follow the instructions you will receive.

    Then reboot in Safe Mode and delete the following:

    C:\PROGRA~1\TOOLBAR\ <-- entire folder

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
    puff-m-d, Apr 1, 2004
    #6
  7. mudkitty

    mudkitty Registered Member

    Joined:
    Apr 1, 2004
    Posts:
    4
    I won't be back on the computer until tomorrow morning, I will then do as you recommended and post back.

    Once again, thanks!

    ~lisa
     
    mudkitty, Apr 1, 2004
    #7
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi mudkitty,

    I will look for reply tomorrow ;) ...

    Regards,
    Kent
     
    puff-m-d, Apr 1, 2004
    #8
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    we would really like to see the contents of the adtomi.txt file that was made in this folder C:\Windows\Adtomi Cleanup when you ran the cleanup script, so we can check all the files have been deleted

    double click on the adtomi.txt file, when it opens, copy & paste it's content to your next reply please
     
    dvk01, Apr 2, 2004
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...