Womby

Can Anyone Help, Ad-Aware Isn't Working

4 posts in this topic

If anyone can help me, I'd appreciate it. I am trying to get a computer going that has been in my son's room for a while. I just took it away from him this week after finding him on sites he shouldn't. I've tried running Ad-Aware, (which has worked in the past) but it keeps stalling when it gets to temp files while scanning the hard drive.

 

I think that it may be spyware, because often when I am running the Internet Explorer browser it gives me problems (like opening yahoo or google pages in a small font, that I never set; or showing me the program properties instead of actually opening the browser when clicking on the shortcut)

 

I've read the FAQ, downloaded and run Hijack-This, what next? Here are my logs from running Hijack-this

 

Logfile of HijackThis v1.97.7

Scan saved at 4:25:07 PM, on 7/28/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\SVOHOST.EXE

C:\WINDOWS\SYSTEM\HPZTSB03.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stny.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Digital Marketplace, Inc.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\SYSTEM\svohost.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/?myHome"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9b88ae7t.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9b88ae7t.slt\prefs.js)

O1 - Hosts: 65.120.116.172 mini.aimster.com

O1 - Hosts: 65.120.116.173 lite.aimster.com

O1 - Hosts: 65.120.116.174 www.aimster.com

O1 - Hosts: 216.65.115.190 auto.search.msn.com

O1 - Hosts: 216.65.115.193 members.tripod.com

O1 - Hosts: 216.65.115.193 www.geocities.com

O1 - Hosts: 216.65.115.193 angelfire.com

O1 - Hosts: 216.65.115.193 www.angelfire.com

O1 - Hosts: 216.65.115.193 www.fortunecity.com

O1 - Hosts: 216.65.115.193 smutserver.com

O1 - Hosts: 216.65.115.193 www.smutserver.com

O1 - Hosts: 216.65.115.193 www1.smutserver.com

O1 - Hosts: 216.65.115.193 www2.smutserver.com

O1 - Hosts: 216.65.115.193 www3.smutserver.com

O1 - Hosts: 216.65.115.193 www4.smutserver.com

O1 - Hosts: 216.65.115.193 www5.smutserver.com

O1 - Hosts: 216.65.115.193 www6.smutserver.com

O1 - Hosts: 216.65.115.193 www7.smutserver.com

O1 - Hosts: 216.65.115.193 www8.smutserver.com

O1 - Hosts: 216.65.115.193 www9.smutserver.com

O1 - Hosts: 216.65.115.193 www10.smutserver.com

O1 - Hosts: 216.65.115.193 www11.smutserver.com

O1 - Hosts: 216.65.115.193 www12.smutserver.com

O1 - Hosts: 216.65.115.193 www13.smutserver.com

O1 - Hosts: 216.65.115.193 www14.smutserver.com

O1 - Hosts: 216.65.115.193 www15.smutserver.com

O1 - Hosts: 216.65.115.193 www16.smutserver.com

O1 - Hosts: 216.65.115.193 www17.smutserver.com

O1 - Hosts: 216.65.115.193 www18.smutserver.com

O1 - Hosts: 216.65.115.193 www19.smutserver.com

O1 - Hosts: 216.65.115.193 www20.smutserver.com

O1 - Hosts: 216.65.115.193 tgpfriendly.com

O1 - Hosts: 216.65.115.193 www.tgpfriendly.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe

O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\swchost.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - Startup: svchost.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7882.8106018519

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1325f7986fdd4cc7ca17/...ip/RdxIE601.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.netscape.com/search/toolbar/netscape.cab

 

 

 

 

 

 

StartupList report, 7/28/04, 4:26:55 PM

StartupList version: 1.52

Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE

Detected: Windows 98 Gold (Win9x 4.10.1998)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\SVOHOST.EXE

C:\WINDOWS\SYSTEM\HPZTSB03.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

svchost.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe

QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

TV Media = C:\TV MEDIA\TVM.EXE

Mwsvm = C:\WINDOWS\mwsvm.exe

fash = C:\WINDOWS\fash.exe

HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb03.exe

load32 = C:\WINDOWS\SYSTEM\swchost.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

SchedulingAgent = mstask.exe

SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 27/7/2004, 12:19:18)

 

[Rename]

NUL=c:\windows\cookies\anyuser@2o7[1].txt

NUL=c:\windows\cookies\anyuser@zedo[1].txt

NUL=c:\windows\cookies\anyuser@data.coremetrics[2].txt

NUL=c:\windows\cookies\anyuser@doubleclick[1].txt

NUL=c:\windows\cookies\anyuser@overture[1].txt

NUL=c:\windows\cookies\anyuser@atdmt[2].txt

NUL=c:\windows\cookies\anyuser@bfast[1].txt

NUL=c:\windows\cookies\anyuser@qksrv[1].txt

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Scan for Viruses.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

 

[update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7882.8106018519

 

[QDiagHUpdateObj Class]

InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGH.OCX

CODEBASE = http://h30043.www3.hp.com/dj/qdiagh.cab?306

 

[RdxIE Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL

CODEBASE = http://207.188.7.150/1325f7986fdd4cc7ca17/...ip/RdxIE601.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

 

[Netscape]

InProcServer32 = C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

CODEBASE = http://downloads.netscape.com/search/toolbar/netscape.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

 

--------------------------------------------------

End of report, 5,334 bytes

Report generated in 0.639 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

I'd appreciate any help. Thanks.


Hello,

 

You have a CWS infection. Please click here to download the newest version of CWShredder by Merijn Bellekom then run it in Safe Mode. Run the program, hitting 'fix' as opposed to 'scan only.' Reboot and then run the program a second time, again in Safe Mode. When finished, remain in Safe Mode...

 

Go to add/remove programs in your control panel and uninstall TV Media as well as any other "search" program and/or toolbar program that may look dubious. Reboot into normal mode when finished.

 

Your copy of HijackThis is outdated. Please create a new folder on the C: drive and name it C:\HJT or something similar. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select "New" then "Folder" and name it HJT. Next, click here to download the latest version of HijackThis, v1.98. Download it directly into the new folder. Delete your old copy of HijackThis.

 

Reboot into Safe Mode...

 

Also, enable the “Show Hidden Files and Folders” option:

 

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Apply to confirm.

Click OK.

 

Place a check mark next to the following items then, WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

 

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

 

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

 

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\SYSTEM\svohost.exe

 

Fix all of the O1 entries...

 


 

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

 

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

 

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

 

O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\swchost.exe

 

O4 - Startup: svchost.exe

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1325f7986fdd4cc7ca17/...ip/RdxIE601.cab

 

Now, search for, and delete if found, (some files may not be present after previous steps) the following:

 

Folder:

 

C:\TV MEDIA\

 

Files:

 

C:\WINDOWS\SYSTEM\svohost.exe

 

C:\WINDOWS\mwsvm.exe

 

C:\WINDOWS\fash.exe

 

C:\WINDOWS\SYSTEM\swchost.exe

 

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example:

 

C:\WINDOWS\Temp\

 

C:\Temp\

 

Also delete your Temporary Internet Files, be sure to also select "delete all offline content."

 

Empty your Recycle Bin.

 

Reboot into normal mode.

 

Proceed to the Windows Update site (see link below) download and install ALL critical updates.

 

Reboot when finished.

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, reboot into Safe Mode, scan and fix all RED items it finds. Reboot into normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus scans at both Trend Micro and Panda Software, and Trojan scans as well, using the links in my signature below. Allow the programs to delete all that they may find. Reboot after each scan.

 

Scan with HijackThis and post a fresh log into this same thread.


I've followed all the instructions.

 

Here are the new logs:

 

Logfile of HijackThis v1.98.1

Scan saved at 9:53:50 PM, on 8/2/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\HPZTSB03.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\HJT\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stny.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Digital Marketplace, Inc.

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/?myHome"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9b88ae7t.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9b88ae7t.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306

O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.netscape.com/search/toolbar/netscape.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

StartupList report, 8/2/04, 9:54:12 PM

StartupList version: 1.52.2

Started from : C:\HJT\HIJACKTHIS.EXE

Detected: Windows 98 Gold (Win9x 4.10.1998)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\HPZTSB03.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\HJT\HIJACKTHIS.EXE

C:\WINDOWS\NOTEPAD.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe

QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb03.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

SchedulingAgent = mstask.exe

SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 2/8/2004, 15:36:36)

 

[Rename]

NUL=C:\WINDOWS\SYSTEM\WININET.DLL

C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SET41C3.TMP

NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL

C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET41E2.TMP

NUL=C:\WINDOWS\SYSTEM\SHLWAPI.DLL

C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SET41F5.TMP

NUL=C:\WINDOWS\SYSTEM\BROWSEUI.DLL

C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SET4205.TMP

NUL=C:\WINDOWS\SYSTEM\URLMON.DLL

C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET4220.TMP

NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL

C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET4230.TMP

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Scan for Viruses.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

 

[update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7882.8106018519

 

[QDiagHUpdateObj Class]

InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGH.OCX

CODEBASE = http://h30043.www3.hp.com/dj/qdiagh.cab?306

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

 

[Netscape]

InProcServer32 = C:\WINDOWS\DOWNLO~1\NETSCAPE.DLL

CODEBASE = http://downloads.netscape.com/search/toolbar/netscape.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX

CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

 

--------------------------------------------------

End of report, 5,646 bytes

Report generated in 0.537 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

Let me know how things look now. Thanks for the help so far.


Hello,

 

You're very welcome. I'm glad we could help.

 

Your log is clean now, and here are a few tips to help you keep it that way......

 

Download IE-SPYAD here: https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

It will place over 5000 sites in your restricted zone so that you don't accidentally visit innocent appearing sites that aren't really innocent.

 

Keep an updated and active antivirus and firewall on the system at all times. If you have need of either of these programs, there are links to excellent free ones in my signature below.

 

Scan often with Spybot Search and Destroy and Ad-aware to remove malware before it gains a foothold on your computer. (Links below). Install SpywareBlaster and SpywareGuard to keep baddies from invading your system. (Links below).

 

Make sure you keep your system updated by frequent visits to the Windows Update site (see link below). Always install ALL critical updates.

 

Please take a minute or two to read the short article, "How did I get infected in the first place?" (See link in my signature below). You will find good information on keeping your system clean in the future, as well as links for excellent free anti-spyware tools.

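The triage walked through in this thread, as an added example that is not part of any post: structural checks over HijackThis lines (hosts-file redirects, the system.ini Shell= line, search hooks with no file, file names one character away from a system binary), run on lines taken from the first and second logs above. The rule wording, the SYSTEM_NAMES list and the function names are this example's own assumptions; entries such as fash.exe were identified by the helper from knowledge of the infection and are deliberately not caught by these checks.

```python
import re

# Constructed samples: lines copied from the first (infected) and second
# (post-cleanup) HijackThis logs posted in this thread.
INFECTED_LOG = r"""
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\SYSTEM\svohost.exe
O1 - Hosts: 216.65.115.190 auto.search.msn.com
O1 - Hosts: 216.65.115.193 www.geocities.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\swchost.exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - Startup: svchost.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

CLEAN_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stny.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumption: a short list of system binary names to compare against.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "rundll32.exe", "mstask.exe"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
EXE = re.compile(r"([^\\\s\"\[\]=]+\.(?:exe|dll|ocx))", re.I)  # file basenames


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the system binary that `name` imitates (one edit away), or None."""
    name = name.lower()
    for real in SYSTEM_NAMES:
        if name != real and edit_distance(name, real) == 1:
            return real
    return None


def triage(log):
    """Return (section, reason, value) tuples for lines that fail a check."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "F0" and "shell=" in body.lower():
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((code, "extra program on system.ini Shell= line", shell))
        elif code == "O1":
            parts = body.split()  # "Hosts:", address, hostname
            if len(parts) >= 3 and not parts[1].startswith("127."):
                findings.append((code, "hosts entry points at a non-loopback address", parts[2]))
        elif code == "R3" and body.endswith("(no file)"):
            findings.append((code, "search hook registered with no file behind it", body))
        if code in ("F0", "O4"):
            for exe in EXE.findall(body):
                real = lookalike(exe)
                if real:
                    findings.append((code, f"file name imitates {real}", exe))
                elif (code == "O4" and body.startswith("Startup:")
                      and exe.lower() in SYSTEM_NAMES):
                    findings.append((code, "system binary name in Startup folder", exe))
    return findings


if __name__ == "__main__":
    for section, reason, value in triage(INFECTED_LOG):
        print(f"{section:3} {reason}: {value}")
    print("clean log findings:", triage(CLEAN_LOG))
```

The checks flag svohost.exe, swchost.exe, the Startup-folder svchost.exe, the hosts redirects and the orphaned search hook, and return nothing for the second log.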