infested w/ ads, mysterious pgms

Computing.Net > Forums > Windows 2000 > infested w/ ads, mysterious pgms

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

infested w/ ads, mysterious pgms

Name: carl
Date: October 17, 2003 at 19:01:36 Pacific
OS: W2000 5.00.2195
CPU/Ram: PIII 1 GHz 384 M

Comment:

My computer is completely overrun by ads, mysterious processes, strange programs that don't appear in add/remove, etc. One of them appears now to be crashing my cable modem (which resets itself after about 20 sec, but freezes IE and any IM as a result). I've run Adaware, Spybot, McAffe, to little avail. Help!
Here is my Hijack log:
Logfile of HijackThis v1.97.2
Scan saved at 9:44:22 PM, on 10/17/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\VerizonDSL\WinPoET\WrOS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINNT\System32\MDM.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinZip\WINZIP32.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Carl Frank\Desktop\Download\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrfremote.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.delleworks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.wrfoutlook.com/exchange
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: GlobalWebSearch.com Bar - {54A85A38-A699-4AEC-8F88-AB542210C93B} - C:\WINNT\System32\gws.dll
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [od-teen81] c:\program files\OnlineDialer\od-teen81.exe -m
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O12 - Plugin for .ica: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npican.dll
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/iraqisolitaire_scecab_141.156.216.33.2008710520125786841_620129.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
O16 - DPF: {4C759EC6-96BD-4551-A320-E61A1D68437F} (Inst Class) - http://209.189.52.77/toolbar/gws.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1141104c8fab3c0fcd06/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6FAB0E5B-8AE4-4A98-9C1E-C34305AC195A} (UniVoice Control) - http://www.webcamnow.com/voice/UniVoice.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37693.836875
O16 - DPF: {C0420D20-01CE-11D1-9EEF-0060979AA370} (InMedia Presentations WebPlayer Classes) - http://cyberbama3.com/analplanet/content/bonus/WebPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {F08555B1-9CC3-11D2-AA8E-000000000000} - http://www.freshgirls.com/download/freshgirls.cab
Thanks in advance.

Sponsored Link

Ads by Google

Response Number 1

Name: capt
Date: October 17, 2003 at 21:46:16 Pacific

Reply:

Carl, have you used Spybot and Adaware from http://www.wilders,org/ to try and fix your problem? If you have, and you need help, then post this log in the security and virus forum. There are some real "hijackthis" experts there, that can help you.

Response Number 2

Name: Ray
Date: October 18, 2003 at 00:25:48 Pacific

Reply:

And while your at it following the above advice, go to http://www.mvps.org/winhelp2002/cookies.htm and organise your cookies so that you don't get any spyware in the future

Response Number 3

Name: Tom41
Date: October 18, 2003 at 00:48:53 Pacific

Reply:

Carl,
Run HT again and check the following items. Doublecheck so as to be sure not to miss one.
Next, close all browser Windows, and have HT fix all checked.
You NEED to restart your computer when you're done.
R3 - Default URLSearchHook is missing
O3 - Toolbar: GlobalWebSearch.com Bar - {54A85A38-A699-4AEC-8F88-AB542210C93B} - C:\WINNT\System32\gws.dll
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKCU\..\Run: [od-teen81] c:\program files\OnlineDialer\od-teen81.exe -m
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
O16 - DPF: {4C759EC6-96BD-4551-A320-E61A1D68437F} (Inst Class) - http://209.189.52.77/toolbar/gws.cab
O16 - DPF: {C0420D20-01CE-11D1-9EEF-0060979AA370} (InMedia Presentations WebPlayer Classes) - http://cyberbama3.com/analplanet/content/bonus/WebPlayer.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {F08555B1-9CC3-11D2-AA8E-000000000000} - http://www.freshgirls.com/download/freshgirls.cab
After restarting delete:
C:\Program Files\Orbit folder
c:\program files\OnlineDialer folder

Sponsored Link

Ads by Google

comcast registration www.gw.prepa.com 7D1933CB-86F6-4A98-8628-01BE94C9A575	mobsync.exe Mystery.scr symantec fax starter edition
See More

win2k auto restart proble...

enable cookies how?

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows 2000 Forum Home

Sponsored links

Ads by Google

Results for: infested w/ ads, mysterious pgms

domain trusts in Win 2K server w/AD

Summary

www.computing.net/answers/windows-2000/domain-trusts-in-win-2k-server-wad/63673.html

DNS and AD

Summary

www.computing.net/answers/windows-2000/dns-and-ad/3977.html

Multiple profiles created on Win2K

Summary

www.computing.net/answers/windows-2000/multiple-profiles-created-on-win2k/64430.html

From the Geek Dictionary
Bork - Incapacitating a computer system by installing software or rogue virus that...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Is there a solution

Processor Comparasion

font problem with OE6

AOL on IE8

backup disc

All Awaiting Reply

Tom's News
Man Pleads Guilty Selling Fake Chips to Navy

Threatening Rap on YouTube Lands Two in Jail

New Final Fantasy XIII Trailer is 5 Minutes Long

Guy Quits Job With Error Message

Verizon Takes on Sprint's 3G Network (And Wins)

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE