Hi guys,
I see from a lot of posts on here that a lot of people are having the same problem. so i have run HJT,the results are listed below for you to look at and advise me accordingly.
Thanks for your help
Paul
Logfile of HijackThis v1.97.7
Scan saved at 15:40:53, on 18/04/04
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\PILOT MOUSE\4DMAIN.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk
MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk
MSITStore:C:\WINDOWS\start.chm::/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clairesnightclub.co.uk/
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\PILOTM~1\4DMAIN.EXE -startup
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\TEMP\PIC1324(1)(1)(1)(1)(2)(2)(3).exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncrediMail.exe /c
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [5-1-25-55] c:\windows\5-1-25-55.exe -m
O4 - HKCU\..\Run: [5-11-1-44] c:\windows\5-11-1-44.exe -m
O4 - HKCU\..\Run: [5-11-1-20] c:\windows\5-11-1-20.exe -m
O4 - HKCU\..\Run: [5-1-26-2] c:\windows\5-1-26-2.exe -m
O4 - HKCU\..\Run: [5-1-26-82] c:\windows\5-1-26-82.exe -m
O4 - HKCU\..\Run: [5-1-26-81] c:\windows\5-1-26-81.exe -m
O4 - HKCU\..\Run: [5-1-25-110] c:\windows\5-1-25-110.exe -m
O4 - HKCU\..\Run: [5-11-1-67] c:\windows\5-11-1-67.exe -m
O4 - HKCU\..\Run: [OPQFile] C:\WINDOWS\regedit.exe /s C:\WINDOWS\SYSTEM\radBCC3C.tmp
O4 - HKCU\..\Run: [5-2-170-97] c:\program files\Webdialer\5-2-170-97.exe -m
O4 - HKCU\..\Run: [od-padr32] c:\program files\OnlineDialer\od-padr32.exe -m
O4 - HKCU\..\Run: [SPYNUKER] C:\PROGRAM FILES\TREK BLUE\SPYWARE NUKER\SPYNUKER.exe /STARTUP
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd112\24758553.EXE -remove
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058695uk.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12b5efcdec88249c1000/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = agate.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
I see from a lot of posts on here that a lot of people are having the same problem. so i have run HJT,the results are listed below for you to look at and advise me accordingly.
Thanks for your help
Paul
Logfile of HijackThis v1.97.7
Scan saved at 15:40:53, on 18/04/04
Platform: Windows 95 a (Win9x 4.00.1111)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\PILOT MOUSE\4DMAIN.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clairesnightclub.co.uk/
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\PILOTM~1\4DMAIN.EXE -startup
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\TEMP\PIC1324(1)(1)(1)(1)(2)(2)(3).exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncrediMail.exe /c
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [5-1-25-55] c:\windows\5-1-25-55.exe -m
O4 - HKCU\..\Run: [5-11-1-44] c:\windows\5-11-1-44.exe -m
O4 - HKCU\..\Run: [5-11-1-20] c:\windows\5-11-1-20.exe -m
O4 - HKCU\..\Run: [5-1-26-2] c:\windows\5-1-26-2.exe -m
O4 - HKCU\..\Run: [5-1-26-82] c:\windows\5-1-26-82.exe -m
O4 - HKCU\..\Run: [5-1-26-81] c:\windows\5-1-26-81.exe -m
O4 - HKCU\..\Run: [5-1-25-110] c:\windows\5-1-25-110.exe -m
O4 - HKCU\..\Run: [5-11-1-67] c:\windows\5-11-1-67.exe -m
O4 - HKCU\..\Run: [OPQFile] C:\WINDOWS\regedit.exe /s C:\WINDOWS\SYSTEM\radBCC3C.tmp
O4 - HKCU\..\Run: [5-2-170-97] c:\program files\Webdialer\5-2-170-97.exe -m
O4 - HKCU\..\Run: [od-padr32] c:\program files\OnlineDialer\od-padr32.exe -m
O4 - HKCU\..\Run: [SPYNUKER] C:\PROGRAM FILES\TREK BLUE\SPYWARE NUKER\SPYNUKER.exe /STARTUP
O4 - HKCU\..\Run: [sws.exe] c:\program files\HaldexLtd\stnd112\24758553.EXE -remove
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058695uk.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12b5efcdec88249c1000/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = agate.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1