
[Resolved] HijackThis Log and Virus

Discussion in 'Virus & Other Malware Removal' started by Baldeagle, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    Logfile of HijackThis v1.97.0
    Scan saved at 14:31:10, on 10/09/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\HPZTSB07.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\WINLOGON.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fastmetasearch.com/bar.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    F2 - REG:system.ini: Shell=
    O1 - Hosts: 66.197.100.83 auto.search.msn.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
    O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
    O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
    O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
    O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
    O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
    O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
    O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
    O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
    O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
    O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
    O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
    O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
    O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
    O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
    O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
    O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
    O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
    O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
    O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
    O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
    O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
    O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
    O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
    O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
    O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
    O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
    O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
    O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
    O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
    O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
    O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
    O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
    O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
    O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
    O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
    O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
    O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
    O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
    O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
    O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
    O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
    O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
    O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
    O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
    O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
    O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
    O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
    O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
    O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
    O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
    O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
    O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
    O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
    O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
    O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
    O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
    O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
    O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
    O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
    O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
    O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
    O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
    O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
    O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
    O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
    O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
    O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
    O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
    O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
    O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
    O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
    O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
    O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
    O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
    O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
    O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
    O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
    O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
    O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
    O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
    O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
    O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
    O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
    O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
    O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
    O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
    O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
    O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
    O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
    O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
    O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
    O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
    O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
    O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
    O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
    O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
    O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
    O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
    O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
    O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
    O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
    O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
    O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
    O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
    O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
    O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
    O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
    O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
    O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
    O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
    O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
    O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
    O19 - User stylesheet: c:\windows\system.css

    Thanks for any help anyone can give
    regards George
     
  2. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi Baldeagle,

    Please do the following,

    Remove NewNet in Add/Remove Programs in the control panel

    Download and run CWShredder www.spywareinfo.com/~merijn/files/cwshredder.zip
    ( Close all browser windows before running )

    Shut down & reboot your computer

    Download and install Spybot Search & Destroy www.security.kolla.de
    Open Spybot Search & Destroy, Click Online, Search for updates, Download all available updates, log offline, Close all browser windows, check your taskbar for minimized windows as well, Run Spybot Search & Destroy, put a check in every entry Spybot Search & Destroy returns, Click fix problems.

    Shut down & reboot your computer

    To prevent the installation and running of spyware ActiveX controls, download and install SpywareBlaster www.wilderssecurity.net/index.html
    Open SpywareBlaster, Click select all, Click Protect Against Checked Items!, Click settings, put a check in only show New/Unprotected items on the protection list after an update, Click save settings, Click check for updates, download all available updated definitions, Click select all, Click protect against checked items.

    Rescan with HijackThis and post a new log for a follow-up review

    Good luck
     
  3. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    BlueSpruce....My Hero!!
    Scrolling is A-OK again.
    I have posted my log below. What are the run dll entries? I have been getting little warning windows up when I have gone online saying rundll.
    Anyway, if you could check my log to make sure I am OK I will be eternally grateful.
    What a great site this is, and yes, I will be making a donation.
    thanks once again,
    kindest regards George

    Logfile of HijackThis v1.97.0
    Scan saved at 11:13:00, on 11/09/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\HPZTSB07.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
    O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
    O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
    O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
    O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
    O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
    O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
    O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
    O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
    O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
    O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
    O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
    O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
    O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
    O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
    O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
    O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
    O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
    O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
    O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
    O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
    O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
    O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
    O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
    O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
    O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
    O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
    O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
    O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
    O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
    O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
    O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
    O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
    O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
    O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
    O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
    O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
    O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
    O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
    O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
    O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
    O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
    O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
    O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
    O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
    O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
    O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
    O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
    O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
    O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
    O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
    O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
    O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
    O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
    O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
    O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
    O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
    O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
    O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
    O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
    O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
    O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
    O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
    O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
    O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
    O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
    O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
    O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
    O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
    O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
    O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
    O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
    O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
    O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
    O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
    O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
    O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
    O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
    O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
    O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
    O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
    O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
    O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
    O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
    O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
    O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
    O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
    O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
    O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
    O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
    O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
    O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
    O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
    O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
    O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
    O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
    O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
    O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
    O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
    O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
    O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
    O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
    O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
    O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
    O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
    O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
    O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
    O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
    O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
    O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
    O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
    O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
    O4 - HKCU\..\Run: [1372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1372.cpl
    O4 - HKCU\..\Run: [1376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376.cpl
    O4 - HKCU\..\Run: [1392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1392.cpl
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked
    O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
    O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
    O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
    O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
    O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
    O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
    O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
    O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
    O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
    O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
    O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
    O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
    O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
    O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
    O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
    O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
    O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
    O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
    O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
    O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
    O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
    O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
    O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
    O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
    O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
    O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
    O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
    O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
    O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
    O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
    O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
    O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
    O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
    O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
    O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
    O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
    O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
    O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
    O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
    O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
    O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
    O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
    O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
    O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
    O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
    O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
    O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
    O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
    O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
    O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
    O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
    O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
    O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
    O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
    O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
    O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
    O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
    O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
    O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
    O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
    O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
    O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
    O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
    O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
    O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
    O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
    O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
    O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
    O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
    O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
    O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
    O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
    O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
    O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
    O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
    O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
    O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
    O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
    O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
    O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
    O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
    O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
    O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
    O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
    O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
    O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
    O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
    O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
    O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
    O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
    O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
    O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
    O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
    O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
    O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
    O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
    O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl

    O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
    O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
    O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
    O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
    O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
    O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl

    O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
    O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
    O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
    O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
    O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
    O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
    O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
    O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
    O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
    O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
    O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
    O4 - HKCU\..\Run: [1372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1372.cpl
    O4 - HKCU\..\Run: [1376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376.cpl
    O4 - HKCU\..\Run: [1392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1392.cpl
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    then reboot & delete every one of those cpl files listed above from c:\windows

    then run a virus scan at one of these sites. the cpl files are the result of a virus, but I can't remember which one
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/

    then download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".


    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


    then post a new hijackthis log to check what is left
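Added example, not part of the original post and not code from HijackThis: a small Python triage script that parses the O4 Run lines of a HijackThis log, picks out the pattern called out in the reply above (a numeric value name whose command is `rundll32.exe shell32.dll,Control_RunDLL` on a same-numbered `.cpl` in `C:\WINDOWS`), and builds the list of values to tick and files to delete after the reboot. The sample log is constructed from lines posted in this thread; the function names are illustrative.

```python
import re

# Constructed sample in the format of the HijackThis v1.97 logs in this thread.
# One entry is repeated on purpose to show de-duplication.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^\s*O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+?)\s*$"
)

# rundll32 loading a control-panel applet whose file name is only digits.
NUMERIC_CPL = re.compile(
    r"^rundll32(?:\.exe)?\s+shell32\.dll,Control_RunDLL\s+"
    r"(?P<path>[A-Za-z]:\\WINDOWS\\(?P<stem>\d+)\.cpl)$",
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return one dict per O4 registry Run-style line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def numeric_cpl_entries(entries):
    """Keep entries that load a digits-only .cpl under a value name equal to those digits."""
    hits = []
    for entry in entries:
        match = NUMERIC_CPL.match(entry["command"])
        if match and entry["name"] == match.group("stem"):
            hits.append({**entry, "path": match.group("path")})
    return hits


def cleanup_worklist(log_text):
    """Values to tick in HijackThis and the matching files to delete after reboot."""
    hits = numeric_cpl_entries(parse_run_entries(log_text))
    # dict.fromkeys de-duplicates while keeping the order of first appearance.
    values = list(dict.fromkeys((h["hive"], h["key"], h["name"]) for h in hits))
    files = list(dict.fromkeys(h["path"] for h in hits))
    return {"values": values, "files": files}


if __name__ == "__main__":
    work = cleanup_worklist(SAMPLE_LOG)
    for hive, key, name in work["values"]:
        print(f"tick:   {hive}\\..\\{key}: [{name}]")
    for path in work["files"]:
        print(f"delete: {path}")
```

The rule is deliberately narrow: the `[PAV.EXE] C:\WINDOWS` entry that the reply also lists is parsed but not matched, so a human still reviews the rest of the log.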
     
  5. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    Hello Derek
    Thanks, I am on with it at the moment. Where do I find the cpl files in c/windows ?
    kindest regards George
     
  6. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    Hello it's me again, I have the polyboot-B virus....any ideas guys ?
    regards george
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
  8. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    Arrghhh! It gets worse .......I've got worms , or worm at least.....Dandi.A.
    looks like I am in for a big donation here......heelllllllp.
    regards George
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Baldeagle

    I can't see a running antivirus program

    safest thing to do is download one; I use AVG free edition from www.grisoft.com

    download it, run it, let it remove any viruses or trojans etc it finds, then post a new hijackthis log so we can check what is going on.

    I will ask a moderator to cut this part of the thread into its own thread so we don't get too confused.
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,205
    Split the thread, and popped you into Security

    eddie
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  12. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    Hello Guys , I have been away for a couple of days....
    here is my log. I seem to have sorted the worm..??? I hope.
    The boot sector virus is the problem.
    I don't really understand about rebooting with the boot disc. I have a Windows start up disc I made a while ago when my windows was first used, and I have made recovery discs as instructed by the AVG anti-virus software. I put my windows disc in and reboot but it just ends up with the A\: prompt...am I correct up until there ?
    regards George
     
  13. Baldeagle

    Baldeagle Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    34
    oops forgot to paste log
    Logfile of HijackThis v1.97.0
    Scan saved at 14:14:40, on 12/09/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\HPZTSB07.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    the log looks clear now, only 1 minor thing that is wildtangent, some call it spyware but many games will not work without it, so it's your choice.

    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/...nike/wtinst.cab

    as to the boot sector virus, I'm afraid it's been many years since I've had to deal with one of those so I will put out a call for help to one of the "experts" who will hopefully know what to do.
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Which antivirus program did you run that identified the polyboot-B virus?

    And has a complete, updated scan been run now which finds no other infection?

    In most cases running the fdisk /mbr command as instructed here, will resolve the problem. You will need a Win 98 SE startup disk.

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=POLYBOOT-B

    Do not run the sys c: command unless you are sure you have a proper Win98 SE startup disk; in fact it might be best not to run it at all unless the problem is not resolved by doing an fdisk /mbr

    By the way, you should use a floppy disk which is not likely to have been used when this system was infected. Write protect the disk before booting with it. (use the slider tab at the corner, bottom, left, rear)
     
Short URL to this thread: https://techguy.org/164065
