[Resolved] HijackThis Log and Virus


Baldeagle (Thread Starter) | Joined: Sep 10, 2003 | Messages: 34
Logfile of HijackThis v1.97.0
Scan saved at 14:31:10, on 10/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\WINLOGON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ewebsearch.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fastmetasearch.com/bar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
F2 - REG:system.ini: Shell=
O1 - Hosts: 66.197.100.83 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
O19 - User stylesheet: c:\windows\system.css

Thanks for any help anyone can give
regards George
 
Joined: Jul 24, 2003 | Messages: 420
Hi Baldeagle,

Please do the following:

Remove NewNet in Add/Remove Programs in the Control Panel.

Download and run CWShredder www.spywareinfo.com/~merijn/files/cwshredder.zip
(Close all browser windows before running.)

Shut down and reboot your computer.

Download and install Spybot Search & Destroy www.security.kolla.de
Open Spybot Search & Destroy, click Online, search for updates, download all available updates, log offline, close all browser windows, check your taskbar for minimized windows as well, run Spybot Search & Destroy, put a check in every entry Spybot Search & Destroy returns, click Fix Problems.

Shut down and reboot your computer.

To prevent the installation and running of spyware ActiveX controls, download and install SpywareBlaster www.wilderssecurity.net/index.html
Open SpywareBlaster, click Select All, click Protect Against Checked Items!, click Settings, put a check in "only show New/Unprotected items on the protection list after an update", click Save Settings, click Check for Updates, download all available updated definitions, click Select All, click Protect Against Checked Items.

Rescan with HijackThis and post a new log for a follow-up review.

Good luck
 

Baldeagle (Thread Starter) | Joined: Sep 10, 2003 | Messages: 34
BlueSpruce....My Hero!!
Scrolling is A-OK again.
I have posted my log below. What are the run dll entries? I have been getting little warning windows up when I have gone online saying rundll.
Anyway, if you could check my log to make sure I am OK I will be eternally grateful.
What a great site this is, and yes, I will be making a donation.
thanks once again,
kindest regards George

Logfile of HijackThis v1.97.0
Scan saved at 11:13:00, on 11/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
O4 - HKCU\..\Run: [1372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1372.cpl
O4 - HKCU\..\Run: [1376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376.cpl
O4 - HKCU\..\Run: [1392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1392.cpl
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked
O4 - HKLM\..\Run: [PAV.EXE] C:\WINDOWS
O4 - HKCU\..\Run: [3780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3780.cpl
O4 - HKCU\..\Run: [588] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\588.cpl
O4 - HKCU\..\Run: [560] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\560.cpl
O4 - HKCU\..\Run: [584] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\584.cpl
O4 - HKCU\..\Run: [600] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\600.cpl
O4 - HKCU\..\Run: [572] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\572.cpl
O4 - HKCU\..\Run: [3948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3948.cpl
O4 - HKCU\..\Run: [676] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\676.cpl
O4 - HKCU\..\Run: [680] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\680.cpl
O4 - HKCU\..\Run: [660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\660.cpl
O4 - HKCU\..\Run: [664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\664.cpl
O4 - HKCU\..\Run: [1444] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1444.cpl
O4 - HKCU\..\Run: [700] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\700.cpl
O4 - HKCU\..\Run: [652] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\652.cpl
O4 - HKCU\..\Run: [656] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\656.cpl
O4 - HKCU\..\Run: [704] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\704.cpl
O4 - HKCU\..\Run: [696] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\696.cpl
O4 - HKCU\..\Run: [724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\724.cpl
O4 - HKCU\..\Run: [716] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\716.cpl
O4 - HKCU\..\Run: [732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\732.cpl
O4 - HKCU\..\Run: [728] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\728.cpl
O4 - HKCU\..\Run: [620] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\620.cpl
O4 - HKCU\..\Run: [612] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\612.cpl
O4 - HKCU\..\Run: [748] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\748.cpl
O4 - HKCU\..\Run: [684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\684.cpl
O4 - HKCU\..\Run: [688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\688.cpl
O4 - HKCU\..\Run: [712] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\712.cpl
O4 - HKCU\..\Run: [720] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\720.cpl
O4 - HKCU\..\Run: [736] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\736.cpl
O4 - HKCU\..\Run: [740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\740.cpl
O4 - HKCU\..\Run: [692] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\692.cpl
O4 - HKCU\..\Run: [744] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\744.cpl
O4 - HKCU\..\Run: [752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\752.cpl
O4 - HKCU\..\Run: [756] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\756.cpl
O4 - HKCU\..\Run: [708] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\708.cpl
O4 - HKCU\..\Run: [780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\780.cpl
O4 - HKCU\..\Run: [788] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\788.cpl
O4 - HKCU\..\Run: [784] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\784.cpl
O4 - HKCU\..\Run: [672] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\672.cpl
O4 - HKCU\..\Run: [768] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\768.cpl
O4 - HKCU\..\Run: [764] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\764.cpl
O4 - HKCU\..\Run: [808] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\808.cpl
O4 - HKCU\..\Run: [644] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\644.cpl
O4 - HKCU\..\Run: [648] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\648.cpl
O4 - HKCU\..\Run: [776] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\776.cpl
O4 - HKCU\..\Run: [772] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\772.cpl
O4 - HKCU\..\Run: [760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\760.cpl
O4 - HKCU\..\Run: [792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\792.cpl
O4 - HKCU\..\Run: [800] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\800.cpl
O4 - HKCU\..\Run: [832] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\832.cpl
O4 - HKCU\..\Run: [824] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\824.cpl
O4 - HKCU\..\Run: [796] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\796.cpl
O4 - HKCU\..\Run: [804] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\804.cpl
O4 - HKCU\..\Run: [812] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\812.cpl
O4 - HKCU\..\Run: [828] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\828.cpl
O4 - HKCU\..\Run: [1488] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1488.cpl
O4 - HKCU\..\Run: [1508] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1508.cpl
O4 - HKCU\..\Run: [1512] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1512.cpl
O4 - HKCU\..\Run: [960] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\960.cpl
O4 - HKCU\..\Run: [908] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\908.cpl
O4 - HKCU\..\Run: [992] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\992.cpl
O4 - HKCU\..\Run: [1064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1064.cpl
O4 - HKCU\..\Run: [1060] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1060.cpl
O4 - HKCU\..\Run: [1076] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1076.cpl
O4 - HKCU\..\Run: [820] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\820.cpl
O4 - HKCU\..\Run: [816] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\816.cpl
O4 - HKCU\..\Run: [668] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\668.cpl
O4 - HKCU\..\Run: [852] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\852.cpl
O4 - HKCU\..\Run: [932] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\932.cpl
O4 - HKCU\..\Run: [888] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\888.cpl
O4 - HKCU\..\Run: [884] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\884.cpl
O4 - HKCU\..\Run: [916] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\916.cpl
O4 - HKCU\..\Run: [924] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\924.cpl
O4 - HKCU\..\Run: [928] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\928.cpl
O4 - HKCU\..\Run: [624] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\624.cpl
O4 - HKCU\..\Run: [640] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\640.cpl
O4 - HKCU\..\Run: [848] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\848.cpl
O4 - HKCU\..\Run: [856] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\856.cpl
O4 - HKCU\..\Run: [868] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\868.cpl
O4 - HKCU\..\Run: [840] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\840.cpl
O4 - HKCU\..\Run: [880] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\880.cpl
O4 - HKCU\..\Run: [936] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\936.cpl
O4 - HKCU\..\Run: [836] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\836.cpl
O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
O4 - HKCU\..\Run: [876] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\876.cpl
O4 - HKCU\..\Run: [636] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\636.cpl
O4 - HKCU\..\Run: [1012] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1012.cpl
O4 - HKCU\..\Run: [1016] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1016.cpl
O4 - HKCU\..\Run: [1004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1004.cpl
O4 - HKCU\..\Run: [920] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\920.cpl
O4 - HKCU\..\Run: [948] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\948.cpl
O4 - HKCU\..\Run: [1008] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1008.cpl
O4 - HKCU\..\Run: [860] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\860.cpl
O4 - HKCU\..\Run: [864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\864.cpl
O4 - HKCU\..\Run: [892] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\892.cpl
O4 - HKCU\..\Run: [912] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\912.cpl

O4 - HKCU\..\Run: [616] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\616.cpl
O4 - HKCU\..\Run: [628] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\628.cpl
O4 - HKCU\..\Run: [632] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\632.cpl
O4 - HKCU\..\Run: [1660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1660.cpl
O4 - HKCU\..\Run: [1664] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1664.cpl
O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl

O4 - HKCU\..\Run: [844] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\844.cpl
O4 - HKCU\..\Run: [896] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\896.cpl
O4 - HKCU\..\Run: [1424] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1424.cpl
O4 - HKCU\..\Run: [1420] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1420.cpl
O4 - HKCU\..\Run: [1496] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1496.cpl
O4 - HKCU\..\Run: [1320] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1320.cpl
O4 - HKCU\..\Run: [1328] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1328.cpl
O4 - HKCU\..\Run: [1324] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1324.cpl
O4 - HKCU\..\Run: [3396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3396.cpl
O4 - HKCU\..\Run: [2064] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2064.cpl
O4 - HKCU\..\Run: [3468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\3468.cpl
O4 - HKCU\..\Run: [1372] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1372.cpl
O4 - HKCU\..\Run: [1376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1376.cpl
O4 - HKCU\..\Run: [1392] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1392.cpl
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
then reboot & delete every one of those cpl files listed above from c:\windows

then run a virus scan at one of these sites. The cpl files are the result of a virus, but I can't remember which one
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

then download AdAware 6 181
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".


Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

then
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


then post a new hijackthis log to check what is left
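The pattern picked out in the reply above (Run values with purely numeric names that load a same-named .cpl from C:\WINDOWS through rundll32 Control_RunDLL) can be pulled out of a saved log mechanically. The Python below is an added example, not part of the original thread or of HijackThis; the sample log lines are constructed in the format shown on this page, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in HijackThis v1.97 O4 format, modelled on the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [1724] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\1724.cpl
O4 - HKCU\..\Run: [552] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\552.cpl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
"""

# "O4 - HKCU\..\Run: [name] command" (registry autostart entries only).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# rundll32 asked to open a control panel applet (.cpl) by full path.
CPL_LOADER = re.compile(
    r"^rundll32(?:\.exe)?\s+shell32\.dll,Control_RunDLL\s+(?P<path>.+\.cpl)$",
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return one dict per O4 registry Run/RunServices line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def suspicious_cpl_entries(entries):
    """Keep entries whose value name is all digits and whose command loads
    a .cpl file with that same numeric name via Control_RunDLL."""
    hits = []
    for entry in entries:
        match = CPL_LOADER.match(entry["cmd"].strip())
        if not match or not entry["name"].isdigit():
            continue
        path = match.group("path")
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if stem == entry["name"]:
            hits.append({**entry, "cpl": path})
    return hits


def cleanup_checklist(log_text):
    """De-duplicated registry values to tick and .cpl files to delete."""
    hits = suspicious_cpl_entries(parse_run_entries(log_text))
    values = sorted(
        {(h["hive"], h["key"], h["name"]) for h in hits},
        key=lambda v: (v[0], v[1], int(v[2])),
    )
    files = sorted({h["cpl"].upper() for h in hits})
    return values, files


if __name__ == "__main__":
    values, files = cleanup_checklist(SAMPLE_LOG)
    for hive, key, name in values:
        print(f"tick:   {hive}\\..\\{key}: [{name}]")
    for path in files:
        print(f"delete: {path}")
```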
 

Baldeagle

Hello Derek
Thanks, I am on with it at the moment. Where do I find the cpl files in c/windows ?
kindest regards George
 

Baldeagle

Hello, it's me again. I have the polyboot-B virus....any ideas guys ?
regards george
 

Baldeagle

Arrghhh! It gets worse .......I've got worms , or worm at least.....Dandi.A.
looks like I am in for a big donation here......heelllllllp.
regards George
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Baldeagle

I can't see a running antivirus program

safest thing to do is download one I use AVG free edition from www.grisoft.com

download it, run it, let it remove any viruses or trojans etc it finds, then post a new hijackthis log so we can check what is going on.

I will ask a moderator to cut this part of the thread into its own thread so we don't get too confused.
 

Baldeagle

Hello Guys , I have been away for a couple of days....
here is my log. I seem to have sorted the worm..??? I hope.
The boot sector virus is the problem.
I don't really understand about rebooting with the boot disc. I have a Windows start up disc I made a while ago when my windows was first used, and I have made recovery discs as instructed by the AVG anti-virus software. I put my windows disc in and reboot but it just ends up with the A\: prompt...am I correct up until there ?
regards George
 

Baldeagle

oops forgot to paste log
Logfile of HijackThis v1.97.0
Scan saved at 14:14:40, on 12/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SEALEDMEDIA\SEALMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SONY\OPENMG JUKEBOX\OMGTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynwa.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet Explorer 6 - PC Plus
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .sco: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcplus.co.uk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://rosa.blanca.free.fr/AXWebMonProj1.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
 

dvk01

the log looks clear now, only 1 minor thing that is wildtangent, some call it spyware but many games will not work without it, so it's your choice.

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/...nike/wtinst.cab

as to the boot sector virus, I'm afraid it's been many years since I've had to deal with one of those so I will put out a call for help to one of the "experts" who will hopefully know what to do.
 
Joined
Dec 9, 2000
Messages
45,855
Which antivirus program did you run that identified the polyboot-B virus?

And has a complete, updated scan been run now which finds no other infection?

In most cases running the fdisk /mbr command as instructed here, will resolve the problem. You will need a Win 98 SE startup disk.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=POLYBOOT-B

Do not run the sys c: command unless you are sure you have a proper Win98 SE startup disk; in fact it might be best not to run it at all unless the problem is not resolved by doing an fdisk /mbr

By the way, you should use a floppy disk which is not likely to have been used when this system was infected. Write protect the disk before booting with it. (use the slider tab at the corner, bottom, left, rear)
 