#1
Cannot check Email.
How come, let's say I try to see my MSN Hotmail box. So I try to see what's in the mail but then right away it goes to another site. It goes to the site that my homepage is set to: about:blank but every time I open Internet Explorer it goes to another site, not about:blank. This is where my MSN Hotmail box is going.
#2
"ReNeX" wrote:
How come, let's say I try to see my MSN Hotmail box. So I try to see what's in the mail but then right away it goes to another site. It goes to the site that my homepage is set to: about:blank but every time I open Internet Explorer it goes to another site, not about:blank. This is where my MSN Hotmail box is going.

It's malware. Look here: http://www.securiteam.com/securityre...RP0L0UD5U.html or Google "about:blank".

--
Tim Slattery
MS MVP(DTS)
#3
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this:

Logfile of HijackThis v1.99.1
Scan saved at 9:13:31 PM, on 11/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

PS: If you do reply and tell me what to delete.. where do you go to delete and how?
#4
This is not the appropriate place for logs. Try:

http://boards.cexx.org/index.php
http://forums.tomcoyote.com/
http://forum.gladiator-antivirus.com/
http://forums.net-integration.net/
http://forums.subratam.org/
http://www.zerosrealm.com/forums/
http://forums.maddoktor2.com/

--
Jeff Richards
MS MVP (Windows - Shell/User)

"ReNeX" wrote in message ...
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this:
#5
**Post your log to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security
In memory of our dear friend, MVP Alex Nichol (1935-2005)
http://www.microsoft.com/windowsxp/e...ts/nichol.mspx

ReNeX wrote:
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this
snip
#6
Copy the log files and paste them into a new post at ONE of these forums:

http://forum.aumha.org/viewforum.php?f=30
http://forums.spywareinfo.com/
http://castlecops.com/forum67.html

In your post, please state your problem clearly and what you've done so far to fix it. The folks there will tell you what to remove.

See the "housekeeping" you should complete before you post your log: http://aumha.org/forum/viewtopic.php?t=4075

--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~ http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm

"ReNeX" wrote in message ...
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this:
#7
Ok I went to one of your following sites, and I registered and I have to click an activation link in my email inbox but I can't get in it because of the Malware. I'm asking if one of you can post my log in there.

"glee" wrote:
Copy the log files and paste them into a new post at ONE of these forums:

http://forum.aumha.org/viewforum.php?f=30
http://forums.spywareinfo.com/
http://castlecops.com/forum67.html

In your post, please state your problem clearly and what you've done so far to fix it. The folks there will tell you what to remove.

See the "housekeeping" you should complete before you post your log: http://aumha.org/forum/viewtopic.php?t=4075

--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~ http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm

"ReNeX" wrote in message ...
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this:
.spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16c67238...p/RdxIE601.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab28578.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) 
- http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} - C:\WINDOWS\SYSTEM\HOPK.DLL O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} - C:\WINDOWS\SYSTEM\HOPK.DLL PS: If you do reply and tell me what to delete.. where do you go to delete and how? |
#8
Have you tried fully cleaning with Adaware SE and Spybot Search and Destroy in Safe Mode? Have you looked for programs that installed without your knowledge in Add/Remove Programs in the Control Panel when starting in Safe Mode? I would do this at a bare minimum before trying to go to the extreme of posting a HiJack This Log to a forum. Also, scan with antivirus program in safe mode as well and make sure that you scan all files and not just program files to get to the root of the problem. Then you may not even need to post your HIJACK This log.

Let me know if these don't work so I can give you other suggestions.

"ReNeX" wrote in message ...
: Ok I went to one of your following sites, and I registered and I have to
: click an activation link in my email inbox but I can't get in it because of
: the Malware.
: I'm asking if one of you can post my log in there.
:
: "glee" wrote:
:
: Copy the log files and paste them into a new post at ONE of these forums:
: http://forum.aumha.org/viewforum.php?f=30
: http://forums.spywareinfo.com/,
: http://castlecops.com/forum67.html
:
: In your post, please state your problem clearly and what you've done so far
: to fix it.
:
: The folks there will tell you what to remove.
:
: See the "housekeeping" you should complete before you post your log:
: http://aumha.org/forum/viewtopic.php?t=4075
: --
: Glen Ventura, MS MVP Shell/User, A+
: ~ In memory of our friend, MVP Alex Nichol ~
: http://aumha.org/alex.htm
: http://dts-l.org/goodpost.htm
:
: "ReNeX" wrote in message ...
: Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: tells me to ask an expert on what to delete so.. can you please tell me what
: to delete?
: It scanned this:
:
: PS: If you do reply and tell me what to delete.. where do you go to delete
: and how?
#9
You don't have an email account through your Internet provider that uses an email client app instead of your web browser? You don't have access to another computer (a friend's, the library's) to get at your email to activate? Someone else posting your log won't do you much good, as you still won't be able to interact in the forum to get the continuing instructions you will need.

Update your anti-virus app and then run a full-system virus scan.

Use CWShredder, the CoolWeb removal tool, available here:
http://www.majorgeeks.com/download3019.html
http://aumha.org/downloads/cwshredder.zip
Close all browser windows and open apps, start CWShredder and click the Fix button.

Try the instructions here for removing CWS aboutblank:
http://www3.ca.com/securityadvisor/p...x?id=453082839

See also:
http://cwshredder.net/cwshredder/cwschronicles.html
http://cwshredder.net/cwshredder/cws...tml#aboutblank

You might also want to try the trial version of Webroot SpySweeper to remove it:
http://research.spysweeper.com/threa...cws_aboutblank

Install Ad-Aware SE free Personal Edition, start it, click its 'Check for Updates' link in the app to install updates, then use it to scan your system, and remove what it finds. I suggest you restart in Safe Mode and run Ad-Aware from there, then restart into Safe Mode again and run it again.
Ad-Aware:
http://www.lavasoftusa.com/support/download/
http://www.majorgeeks.com/download506.html
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm

"ReNeX" wrote in message ...
Ok I went to one of your following sites, and I registered and I have to click an activation link in my email inbox but I can't get in it because of the Malware. I'm asking if one of you can post my log in there.

"glee" wrote:
Copy the log files and paste them into a new post at ONE of these forums:
http://forum.aumha.org/viewforum.php?f=30
http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html

In your post, please state your problem clearly and what you've done so far to fix it.

The folks there will tell you what to remove.

See the "housekeeping" you should complete before you post your log:
http://aumha.org/forum/viewtopic.php?t=4075
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm

"ReNeX" wrote in message ...
Yes. So I downloaded a malware remover called HiJackThis and I scanned and it tells me to ask an expert on what to delete so.. can you please tell me what to delete? It scanned this:

PS: If you do reply and tell me what to delete.. where do you go to delete and how?
#10
|
|||
|
|||
Glen, I am going to give CWShredder another try. Thanks for your advice.
Have a nice day.

: "glee" wrote in message ...
: You don't have an email account through your Internet provider that uses a
: client app instead of your web browser? You don't have access to another computer
: (a friend's, the library's) to get at your email to activate? Someone else posting
: your log won't do you much good, as you still won't be able to interact in the forum
: to get the continuing instructions you will need.
:
: Update your anti-virus app and then run a full-system virus scan.
:
: Use CWShredder, the CoolWeb removal tool, available here:
: http://www.majorgeeks.com/download3019.html
: http://aumha.org/downloads/cwshredder.zip
: Close all browser windows and open apps, start CWShredder and click the Fix button.
:
: Try the instructions here for removing CWS aboutblank:
: http://www3.ca.com/securityadvisor/p...x?id=453082839
:
: See also:
: http://cwshredder.net/cwshredder/cwschronicles.html
: http://cwshredder.net/cwshredder/cws...tml#aboutblank
:
: You might also want to try the trial version of Webroot SpySweeper to remove it:
: http://research.spysweeper.com/threa...cws_aboutblank
:
: Install Ad-Aware SE free Personal Edition, start it, click its 'Check for Updates'
: link in the app to install updates, then use it to scan your system, and remove what
: it finds. I suggest you restart in Safe Mode and run Ad-Aware from there, then
: restart into Safe Mode again and run it again.
: Ad-Aware:
: http://www.lavasoftusa.com/support/download/
: http://www.majorgeeks.com/download506.html
: --
: Glen Ventura, MS MVP Shell/User, A+
: ~ In memory of our friend, MVP Alex Nichol ~
: http://aumha.org/alex.htm
: http://dts-l.org/goodpost.htm
:
:
: "ReNeX" wrote in message
: ...
: Ok I went to one of your following sites, and I registered and I have to
: click an activation link in my email inbox but I can't get in it because of the Malware.
: I'm asking if one of you can post my log in there.
:
: "glee" wrote:
:
: Copy the log files and paste them into a new post at ONE of these forums:
: http://forum.aumha.org/viewforum.php?f=30
: http://forums.spywareinfo.com/,
: http://castlecops.com/forum67.html
:
: In your post, please state your problem clearly and what you've done so far to fix it.
:
: The folks there will tell you what to remove.
:
: See the "housekeeping" you should complete before you post your log:
: http://aumha.org/forum/viewtopic.php?t=4075
: --
: Glen Ventura, MS MVP Shell/User, A+
: ~ In memory of our friend, MVP Alex Nichol ~
: http://aumha.org/alex.htm
: http://dts-l.org/goodpost.htm
:
:
: "ReNeX" wrote in message
: ...
: Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: tells me to ask an expert on what to delete so.. can you please tell me what to
: delete? It scanned this:
:
: PS: If you do reply and tell me what to delete.. where do you go to delete
: and how?
|