View Full Version : Gah! Too Much Spyware! (W98)



hyltongd
01-28-2005, 05:05 AM
Need some help here guys. . .

Pop-ups, browser re-directs, etc. are making this machine a real pain in the butt...

After looking through some previous posts, I have done the following:

Run Ad Aware and Spybot.
Used the Housecall Virus scan
Used Add/Remove Programs and took out unneeded files.

Here is my HiJackThis log as well. Any help would be much appreciated!

Logfile of HijackThis v1.99.0
Scan saved at 7:44:14 AM, on 01/28/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\COMMAND SOFTWARE\COMMAND ANTIVIRUS\UNTRAY.EXE
C:\PROGRAM FILES\COMMAND SOFTWARE\COMMAND ANTIVIRUS\AVINIT9X.EXE
C:\PROGRAM FILES\COMMAND SOFTWARE\COMMAND ANTIVIRUS\AVTRAY.EXE
C:\PROGRAM FILES\COMMAND SOFTWARE\COMMAND ANTIVIRUS\SCHSC9X.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\COMMAND SOFTWARE\DVPAPI9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: SDWin32 Class - {8249E6C0-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\DETHJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {9BE38D20-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\FDLJC.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [CSV10P70] \Progra~1\CSBB\CSV10P070.EXE
O4 - HKLM\..\Run: [dethjc] C:\WINDOWS\SYSTEM\dethjc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\ADL_DH.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\UNTRAY.EXE
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\VCHK.EXE
O4 - HKLM\..\Run: [avinit] C:\PROGRA~1\COMMAN~1\COMMAN~1\AVINIT9X.EXE
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\AVTRAY.EXE
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\DVPRPT.EXE
O4 - HKLM\..\Run: [AVSchedScan] C:\PROGRA~1\COMMAN~1\COMMAN~1\SCHSC9X.EXE
O4 - HKLM\..\RunServices: [CSS_Central] C:\PROGRA~1\COMMAN~1\F-PROT95\CSS_1631.EXE
O4 - HKLM\..\RunServices: [dvpapi9x] C:\PROGRA~1\COMMAN~1\F-PROT95\DVPAPI9X.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ns1.ena.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 208.182.122.2,208.182.122.130

homeflash
01-28-2005, 07:14 AM
I would remove the following

O4 - HKLM\..\Run: [dethjc] C:\WINDOWS\SYSTEM\dethjc.exe
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: SDWin32 Class - {8249E6C0-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\DETHJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {9BE38D20-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\FDLJC.DLL (file missing)

and scan spybot/ad aware afterward... (Make sure Recover from spybot is purged)

*** Sometimes Helping is a way of Learning! ***
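An added example (not part of either post, and not HijackThis's own logic): a small Python parser for the O2 and O4 lines of the log above that flags BHOs with a missing file or no class name. The function names and the three rules are assumptions for illustration; the third, linking an autostart entry to an orphaned BHO by file-name stem, is a hypothetical heuristic.

```python
import re

# Entries copied from the log posted above (O2 = BHO, O4 = autostart).
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: SDWin32 Class - {8249E6C0-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\DETHJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {9BE38D20-5FDE-11D9-92DC-0000B455C498} - C:\WINDOWS\SYSTEM\FDLJC.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [dethjc] C:\WINDOWS\SYSTEM\dethjc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\ADL_DH.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def stem(path):
    """Lower-cased file name without directory, extension or arguments."""
    return re.split(r"[\\/]", path)[-1].split(".")[0].lower()

def parse(log_text):
    """Split a log into BHO dicts and autostart dicts; other lines are skipped."""
    bhos, runs = [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := BHO_RE.match(line):
            bhos.append({**m.groupdict(), "missing": bool(m["missing"]), "raw": line})
        elif m := RUN_RE.match(line):
            runs.append({**m.groupdict(), "raw": line})
    return bhos, runs

def triage(log_text):
    """Return {raw line: [reasons]} for entries worth a manual look."""
    bhos, runs = parse(log_text)
    flagged = {}
    for b in bhos:
        if b["missing"]:
            flagged.setdefault(b["raw"], []).append("BHO registered but file missing")
        if b["name"] == "(no name)":
            flagged.setdefault(b["raw"], []).append("BHO without a class name")
    orphan_stems = [stem(b["path"]) for b in bhos if b["missing"]]
    for r in runs:  # hypothetical rule: autostart name extends an orphaned BHO's name
        hits = [s for s in orphan_stems if stem(r["cmd"]).startswith(s)]
        if hits:
            flagged.setdefault(r["raw"], []).append("autostart shares stem with missing BHO: " + hits[0])
    return flagged

if __name__ == "__main__":
    print("\n".join(f"{k} -> {'; '.join(v)}" for k, v in triage(SAMPLE).items()))
```

The unnamed-BHO rule also flags SDHELPER.DLL, which sits under the Spybot directory, so the output is a list of candidates to review rather than a removal list.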

hyltongd
01-28-2005, 08:12 AM
Hey,

Thanks a lot for the help, this seems to have cleared up a few problems.

Still some stuff there, though.

1. "dvprpt" is still listed as active in the close program box

2. "HelperInstaller.exe" and "dc3.exe" are listed as infected and unfixable by the command anti-virus program. A box telling me this comes immediately after Windows loads.

Thanks again, and any ideas about these other two?

Brf
01-28-2005, 08:30 AM
You can't "fix" a trojan... you just delete it.

homeflash
01-28-2005, 08:31 AM
dvprpt is a real time antivirus protection..

If you can delete those two files, do that when you boot it up in safe mode..

that should clear the problem...

*** Sometimes Helping is a way of Learning! ***