ascoredhat

Need Help with HijackThis results log

Hi,
I'm having problems with stuff that has been put on my computer by malicious websites and used HijackThis software to scan my registry.  As I have been told, I have copied the log of its results to show to those of you far smarter than me to help recognize the doo-doo that can be eliminated.
What's currently happening is when windows comes up after startup, I get a long line of files where it says it is missing shortcuts to (with the searching flashlight). Some of those files: morse5.exe, mk4n7orb.exe, kj0nn008.ee, w9ad4x1p.exe, be8k663j.exe, ba990uf3.exe, t0uy3zf9.exe, whzw0cjn.exe, morze1.exe.  I noticed that a lot of these are in the results of the HijackThis scan.
After cancelling all of them, messages come up saying "an error has occurred in your program. To keep working anyway, click ignore. Otherwise Close."  I click close and get the red X message "This program has performed an illegal operation and will be shut down. General protection fault in module DDEML.DLL".
After being on the computer for a short time, everything will give me the error message that the computer is out of memory.  
Here is the HijackThis Log file:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=15841&
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local>
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [IVZMTDMK] C:\WINDOWS\IVZMTDMK.exe
O4 - HKLM\..\Run: [indoww] C:\WINDOWS\SYSTEM\indoww.exe
O4 - HKLM\..\Run: [L0DUFJU5.EXE] C:\WINDOWS\L0DUFJU5.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\PROGRAM FILES\MEMZIP\MEMZIP.EXE
O4 - HKCU\..\Run: [L0DUFJU5.EXE] C:\WINDOWS\L0DUFJU5.EXE /dk
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: MHTD0QQC.lnk = C:\WINDOWS\mhtd0qqc.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: DU0UNQAH.lnk = C:\WINDOWS\du0unqah.exe
O4 - Startup: FZ4XA4G4.lnk = C:\WINDOWS\fz4xa4g4.exe
O4 - Startup: NOVYKVCP.lnk = C:\WINDOWS\novykvcp.exe
O4 - Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Startup: KJ0NN008.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: W9AD4X1P.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: BE8K663J.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: GJ0QDO1E.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: RCCGY1AM.lnk = C:\WINDOWS\rccgy1am.exe
O4 - Startup: 24N9C9AJ.lnk = C:\WINDOWS\24n9c9aj.exe
O4 - Startup: L8R79XUC.lnk = C:\WINDOWS\l8r79xuc.exe
O4 - Startup: PZBXTENM.lnk = C:\WINDOWS\pzbxtenm.exe
O4 - Startup: VLT9ZNK2.lnk = C:\WINDOWS\vlt9znk2.exe
O4 - Startup: 0PYJHQBR.lnk = C:\WINDOWS\0pyjhqbr.exe
O4 - Startup: BA9Q0UF3.lnk = C:\WINDOWS\ba9q0uf3.exe
O4 - Startup: UFZIY351.lnk = C:\WINDOWS\ufziy351.exe
O4 - Startup: D3EUHQJX.lnk = C:\WINDOWS\d3euhqjx.exe
O4 - Startup: FDUWFG08.lnk = C:\WINDOWS\fduwfg08.exe
O4 - Startup: T0UY3ZF9.lnk = C:\WINDOWS\t0uy3zf9.exe
O4 - Startup: ODHFNIIA.lnk = C:\WINDOWS\odhfniia.exe
O4 - Startup: WHZW0CJN.lnk = C:\WINDOWS\whzw0cjn.exe
O4 - Startup: 8BEN0JXE.lnk = C:\WINDOWS\8ben0jxe.exe
O4 - Startup: C9CBJYUB.lnk = C:\WINDOWS\c9cbjyub.exe
O4 - Startup: 7PLHWPAC.lnk = C:\WINDOWS\7plhwpac.exe
O4 - Startup: 52E0HLXL.lnk = C:\WINDOWS\52e0hlxl.exe
O4 - Startup: V5XTLGE6.lnk = C:\WINDOWS\v5xtlge6.exe
O4 - Startup: L0DUFJU5.lnk = C:\WINDOWS\l0dufju5.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: MHTD0QQC.lnk = C:\WINDOWS\mhtd0qqc.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: DU0UNQAH.lnk = C:\WINDOWS\du0unqah.exe
O4 - Global Startup: FZ4XA4G4.lnk = C:\WINDOWS\fz4xa4g4.exe
O4 - Global Startup: NOVYKVCP.lnk = C:\WINDOWS\novykvcp.exe
O4 - Global Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Global Startup: KJ0NN008.lnk = C:\WINDOWS\kj0nn008.exe
O4 - Global Startup: W9AD4X1P.lnk = C:\WINDOWS\w9ad4x1p.exe
O4 - Global Startup: BE8K663J.lnk = C:\WINDOWS\be8k663j.exe
O4 - Global Startup: GJ0QDO1E.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Global Startup: RCCGY1AM.lnk = C:\WINDOWS\rccgy1am.exe
O4 - Global Startup: 24N9C9AJ.lnk = C:\WINDOWS\24n9c9aj.exe
O4 - Global Startup: L8R79XUC.lnk = C:\WINDOWS\l8r79xuc.exe
O4 - Global Startup: PZBXTENM.lnk = C:\WINDOWS\pzbxtenm.exe
O4 - Global Startup: VLT9ZNK2.lnk = C:\WINDOWS\vlt9znk2.exe
O4 - Global Startup: 0PYJHQBR.lnk = C:\WINDOWS\0pyjhqbr.exe
O4 - Global Startup: BA9Q0UF3.lnk = C:\WINDOWS\ba9q0uf3.exe
O4 - Global Startup: UFZIY351.lnk = C:\WINDOWS\ufziy351.exe
O4 - Global Startup: D3EUHQJX.lnk = C:\WINDOWS\d3euhqjx.exe
O4 - Global Startup: FDUWFG08.lnk = C:\WINDOWS\fduwfg08.exe
O4 - Global Startup: T0UY3ZF9.lnk = C:\WINDOWS\t0uy3zf9.exe
O4 - Global Startup: ODHFNIIA.lnk = C:\WINDOWS\odhfniia.exe
O4 - Global Startup: WHZW0CJN.lnk = C:\WINDOWS\whzw0cjn.exe
O4 - Global Startup: 8BEN0JXE.lnk = C:\WINDOWS\8ben0jxe.exe
O4 - Global Startup: C9CBJYUB.lnk = C:\WINDOWS\c9cbjyub.exe
O4 - Global Startup: 7PLHWPAC.lnk = C:\WINDOWS\7plhwpac.exe
O4 - Global Startup: 52E0HLXL.lnk = C:\WINDOWS\52e0hlxl.exe
O4 - Global Startup: V5XTLGE6.lnk = C:\WINDOWS\v5xtlge6.exe
O4 - Global Startup: L0DUFJU5.lnk = C:\WINDOWS\l0dufju5.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37590.5657638889
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/249201d1d680d69c4423/netzip/RdxIE601.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42634/VBouncerOuter1301.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://cr.stop-popup-ads-now.com/download/cabs/BANN8002/stoppop.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros03/foxsports/wtinst.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O19 - User stylesheet: C:\WINDOWS\hh.htt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

Oh please, any help would be so, so, soooooo appreciated!!

Dave
SOLUTION
jvuz
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ascoredhat

ASKER

Thanks, jvuz.  But actually I already ran Spybot Search and Destroy and it came up with nothing.  I'm sure the problems lie within the above illegal crap inside the registry above as most of the stuff within it under "startup" heading are the exact same exe files that pop up over and over as windows comes up searching for missing shortcuts.  So I know that lots of the things above HAVE to be deleted using the Hijack This program, but I just needed help with what should be dumped from the above list and what I should leave alone, as I don't want to accidentally zap something from the windows registry that screws things up.

Any help on what I can put check marks next to on the above list in Hijack This would be greatly appreciated.

Thanks!

Dave
Check out this web site.

http://www.thatcomputerguy.us/

Go to their forums, to security - nice people, very knowledgeable, quick response.
I've used their help with Hijack This lists for many friends, co-workers, acquaintances, etc.
Also, I've found that Ad-aware (Lavasoft.com - free version) catches things that Spybot misses, and vice versa - I run both.
Another thing to look into is Spyware Blaster - one can never have enough security tools!

Good luck!
Hello again!

I'm currently working on a friend's computer to remove spyware/parasites/malware, etc.
Came across a few things you have on your computer.

O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file) - transponder, basically spyware.

O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file) - search enhancement Hijacker.

O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL - spyware.

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL - spyware.

O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file) - spyware/parasite.

http://bannerfarm.ace.advertising.com/bannerfarm/42634/VBouncerOuter1301.exe - spyware/malware.

Some of these things you should probably NOT automatically try to remove.
Go to the site listed below, where you'll find fairly comprehensive lists of CLSIDs and programs with links on info. and
how to remove them. They try to keep these lists very complete, but I've found that they are not 100 percent complete.

http://www.sysinfo.org/

Note: anytime you have to edit the Registry - careful! - backup!

As always: your fellow user/abuser in computer chaos! :))  (I love experts-exchange!) Time for a libation!
Later!
Just to let you know, these:

O4 - Startup: DU0UNQAH.lnk = C:\WINDOWS\du0unqah.exe
O4 - Startup: FZ4XA4G4.lnk = C:\WINDOWS\fz4xa4g4.exe
O4 - Startup: NOVYKVCP.lnk = C:\WINDOWS\novykvcp.exe
O4 - Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Startup: KJ0NN008.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: W9AD4X1P.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: BE8K663J.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: GJ0QDO1E.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: RCCGY1AM.lnk = C:\WINDOWS\rccgy1am.exe
O4 - Startup: 24N9C9AJ.lnk = C:\WINDOWS\24n9c9aj.exe
O4 - Startup: L8R79XUC.lnk = C:\WINDOWS\l8r79xuc.exe
O4 - Startup: PZBXTENM.lnk = C:\WINDOWS\pzbxtenm.exe
O4 - Startup: VLT9ZNK2.lnk = C:\WINDOWS\vlt9znk2.exe
O4 - Startup: 0PYJHQBR.lnk = C:\WINDOWS\0pyjhqbr.exe
O4 - Startup: BA9Q0UF3.lnk = C:\WINDOWS\ba9q0uf3.exe
O4 - Startup: UFZIY351.lnk = C:\WINDOWS\ufziy351.exe
O4 - Startup: D3EUHQJX.lnk = C:\WINDOWS\d3euhqjx.exe
O4 - Startup: FDUWFG08.lnk = C:\WINDOWS\fduwfg08.exe
O4 - Startup: T0UY3ZF9.lnk = C:\WINDOWS\t0uy3zf9.exe
O4 - Startup: ODHFNIIA.lnk = C:\WINDOWS\odhfniia.exe
O4 - Startup: WHZW0CJN.lnk = C:\WINDOWS\whzw0cjn.exe
O4 - Startup: 8BEN0JXE.lnk = C:\WINDOWS\8ben0jxe.exe
O4 - Startup: C9CBJYUB.lnk = C:\WINDOWS\c9cbjyub.exe
O4 - Startup: 7PLHWPAC.lnk = C:\WINDOWS\7plhwpac.exe
O4 - Startup: 52E0HLXL.lnk = C:\WINDOWS\52e0hlxl.exe
O4 - Startup: V5XTLGE6.lnk = C:\WINDOWS\v5xtlge6.exe
O4 - Startup: L0DUFJU5.lnk = C:\WINDOWS\l0dufju5.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: MHTD0QQC.lnk = C:\WINDOWS\mhtd0qqc.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: DU0UNQAH.lnk = C:\WINDOWS\du0unqah.exe
O4 - Global Startup: FZ4XA4G4.lnk = C:\WINDOWS\fz4xa4g4.exe
O4 - Global Startup: NOVYKVCP.lnk = C:\WINDOWS\novykvcp.exe
O4 - Global Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Global Startup: KJ0NN008.lnk = C:\WINDOWS\kj0nn008.exe
O4 - Global Startup: W9AD4X1P.lnk = C:\WINDOWS\w9ad4x1p.exe
O4 - Global Startup: BE8K663J.lnk = C:\WINDOWS\be8k663j.exe
O4 - Global Startup: GJ0QDO1E.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Global Startup: RCCGY1AM.lnk = C:\WINDOWS\rccgy1am.exe
O4 - Global Startup: 24N9C9AJ.lnk = C:\WINDOWS\24n9c9aj.exe
O4 - Global Startup: L8R79XUC.lnk = C:\WINDOWS\l8r79xuc.exe
O4 - Global Startup: PZBXTENM.lnk = C:\WINDOWS\pzbxtenm.exe
O4 - Global Startup: VLT9ZNK2.lnk = C:\WINDOWS\vlt9znk2.exe
O4 - Global Startup: 0PYJHQBR.lnk = C:\WINDOWS\0pyjhqbr.exe
O4 - Global Startup: BA9Q0UF3.lnk = C:\WINDOWS\ba9q0uf3.exe
O4 - Global Startup: UFZIY351.lnk = C:\WINDOWS\ufziy351.exe
O4 - Global Startup: D3EUHQJX.lnk = C:\WINDOWS\d3euhqjx.exe
O4 - Global Startup: FDUWFG08.lnk = C:\WINDOWS\fduwfg08.exe
O4 - Global Startup: T0UY3ZF9.lnk = C:\WINDOWS\t0uy3zf9.exe
O4 - Global Startup: ODHFNIIA.lnk = C:\WINDOWS\odhfniia.exe
O4 - Global Startup: WHZW0CJN.lnk = C:\WINDOWS\whzw0cjn.exe
O4 - Global Startup: 8BEN0JXE.lnk = C:\WINDOWS\8ben0jxe.exe
O4 - Global Startup: C9CBJYUB.lnk = C:\WINDOWS\c9cbjyub.exe
O4 - Global Startup: 7PLHWPAC.lnk = C:\WINDOWS\7plhwpac.exe
O4 - Global Startup: 52E0HLXL.lnk = C:\WINDOWS\52e0hlxl.exe
O4 - Global Startup: V5XTLGE6.lnk = C:\WINDOWS\v5xtlge6.exe
O4 - Global Startup: L0DUFJU5.lnk = C:\WINDOWS\l0dufju5.exe

are viruses.  It looks like Bagle.Q to me, right off the bat, but maybe it's a Klez strain.  Try downloading this program: http://vil.nai.com/vil/stinger/ and scanning your computer for viruses.  I know you may have a virus scanner on your computer, but you may have a very recent virus on there as well.  Give that a shot, because those Global Startups with random names in your Windows folder are viruses.
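The pattern pointed out in the answer above (startup-folder shortcuts with random names launching executables from the Windows folder) can be surfaced mechanically from the O4 lines of a HijackThis log. The following is an added example, not part of the original thread; the sample lines are an excerpt of the log posted in the question, and the four review cues and their names are assumptions chosen for this log, meant to prioritise entries for review rather than to give a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the log posted in this thread (a subset of its lines, unchanged).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Startup: KJ0NN008.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: W9AD4X1P.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Startup: GJ0QDO1E.lnk = C:\WINDOWS\gj0qdo1e.exe
O4 - Global Startup: MK4N7ORB.lnk = C:\WINDOWS\mk4n7orb.exe
O4 - Global Startup: KJ0NN008.lnk = C:\WINDOWS\kj0nn008.exe
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
"""

# Only startup-folder shortcuts are matched; registry Run keys and other sections are skipped.
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+)\.lnk = (.+)$")


def parse_startup(log):
    """Return (scope, shortcut_stem, target_path) for each O4 startup-folder line."""
    entries = []
    for line in log.splitlines():
        m = STARTUP_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).strip().lower()))
    return entries


def triage(log):
    """Map each shortcut name to the sorted list of reasons it deserves review."""
    entries = parse_startup(log)
    scopes = defaultdict(set)   # shortcut -> startup folders it appears in
    fan_in = defaultdict(set)   # target -> shortcuts pointing at it
    for scope, stem, target in entries:
        scopes[stem].add(scope)
        fan_in[target].add(stem)

    findings = defaultdict(set)
    for scope, stem, target in entries:
        exe_stem, ext = ntpath.splitext(ntpath.basename(target))
        # Executable sitting directly in the Windows folder, launched from a shortcut.
        if ext == ".exe" and ntpath.dirname(target) == r"c:\windows":
            findings[stem].add("exe-in-windows-root")
        # Shortcut named after one file but launching another.
        if exe_stem != stem:
            findings[stem].add("name-mismatch")
        # Same shortcut planted in both the user and the global Startup folder.
        if len(scopes[stem]) > 1:
            findings[stem].add("in-both-startup-folders")
        # Several differently named shortcuts launching one executable.
        if len(fan_in[target]) > 1:
            findings[stem].add("shared-target")
    return {stem: sorted(reasons) for stem, reasons in findings.items()}


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(name, "->", ", ".join(reasons))
```
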
Ascoredhat (Dave)

I have this exact same virus which appeared on my computer on the 23rd of March and is creating the same havoc.  Did you ever find a solution as of yet? Because I have not.

Thanks,
Don
Jim, thank you for this idea; looks logical and I will try.  I can manage the other steps but I am not familiar with the HiJack This software.

Thanks,
Don
Thank you for everyone's help.  The biggest help was the tip for the lockergnome site where Die Hard was extremely helpful in reading the HiJack Log.   The Avast and Adaware software also helped find bits and pieces of nasty stuff, so thanks there, too.

Thank you for all your kind assistance in this.  Why does it seem that viruses and hijacking sites are on the rise and are getting ever more nasty?  It seems every time I turn around and go to a site, it's trying to get me to download stuff and won't let me click the page off without another one popping up trying to get me to "accept" a download or plug-in, and I'm not even talking porn sites.  These are just game/card sites here, which for the most part, I'm trying to stay away from.  Does anybody know of any good online article that helps shed light on how to avoid being hijacked?

Again, thanks to you all!

Dave
Check this site out for a fairly complete explanation of what and why all the problems with spyware, adware, browser hijacking, etc.

http://www.spywareinfo.com/

Also, while you're there, you should look into SpywareGuard and SpywareBlaster; these help to prevent spyware, adware, and
hijackers from infecting your computer.

Glad someone could help!!
Good luck!
Keep your AV software up to date, get a popup blocker and Just Say No!
If you do a lot of recreational surfing, a software firewall isn't a bad idea either.