• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
joeptc

about:blank search for...

28 posts in this topic

my homepage keeps coming up about:blank, it has links for various sites and the like. I keep trying to reset my homepage but the son of a gun keeps coming back. What do I do? I am desparate. CWShredder does nothing...

 

ps.

 

i do not know how to post the log if that is what is necessary...

Share this post


Link to post
Share on other sites

ok, i downloaded reglite and found the

 

applnit_dlls

 

 

size: 12

Value: APITRAP.DLL

 

 

what now?

Share this post


Link to post
Share on other sites

crap...i followed a previous post and messed with it...i went so far as to do the find-all and deleted the junkxxx stuff...am I screwed?

Share this post


Link to post
Share on other sites

this is the one I followed...couldn't get the whole system32/COMKNNK file though...so I skipped to the last step and did that stuff

Share this post


Link to post
Share on other sites

log

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 1:29:18 PM, on 5/28/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\APPLICATION DATA\DOTN.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UI23K98G\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Access provided by Simply Connect

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: (no name) - {EE96BE81-B092-11D8-B638-00C0ADA3EAB9} - C:\WINDOWS\SYSTEM\CLN.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [Enae] C:\WINDOWS\Application Data\dotn.exe

O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmtrans.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Dell Home (HKCU)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://65.200.22.244/plugins/en_US/DjVuControl.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge-c17.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O19 - User stylesheet: (file missing)

Share this post


Link to post
Share on other sites

Hooktype: Get message

hooked by: msh_zwf.dll

application: POINT32.exe

dllpath: C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\msh_zwf.dll

app path: C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe

 

 

then there is another

 

 

-Hook type: CBT

-Hooked by: qdcspi.dll

-Application: CSINJECT.exe

-Dll path: C:\WINDOWS\SYSTEM\qdcspi.dll

-Application path: C:\PROGRAMFILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe

Share this post


Link to post
Share on other sites

StartDreck (build 2.1.5 public BETA) - 2004-05-28 @ 13:50:10

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

*Enae=C:\WINDOWS\Application Data\dotn.exe

»RunOnce

»Default User

»Run

*Enae=C:\WINDOWS\Application Data\dotn.exe

»RunOnce

»Local Machine

»Run

*ScanRegistry=c:\windows\scanregw.exe /autorun

*SystemTray=SysTray.Exe

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*POINTER=C:\Program Files\Microsoft Hardware\Mouse\point32.exe

*ccApp="c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

*ccRegVfy="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*NPROTECT=c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

*systray=C:\WINDOWS\SYSTEM\A.EXE

*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*ccEvtMgr="c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

*CSINJECT.EXE=c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

*SymTray - Norton SystemWorks=c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

*NPROTECT=c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»Browser Helper Objects (LM)

*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}

`InprocServer32=c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

*{53707962-6F74-2D53-2644-206D7942484F}

`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

*Bridge.brdg.1/{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}

`InprocServer32=C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL

*{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

`InprocServer32=C:\WINDOWS\2_0_1browserhelper2.dll

*{000020DD-C72E-4113-AF77-DD56626C6C42}

`InprocServer32=

*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}

`InprocServer32=c:\program files\google\googletoolbar4.dll

*{EE96BE81-B092-11D8-B638-00C0ADA3EAB9}

`InprocServer32=C:\WINDOWS\SYSTEM\CLN.DLL

»Files

»System/Drivers

»Running Processes

*FFEFF195=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFF8605=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFFB175=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFED305=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

*FFFEF505=C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

*FFFEE5C5=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

*FFFE9539=C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

*FFFD515D=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

*FFFD5DBD=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFE4C11=C:\WINDOWS\EXPLORER.EXE

*FFFCD03D=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFFC90D1=C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

*FFFCBD8D=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

*FFE301E1=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

*FFFC9AC5=C:\WINDOWS\SYSTEM\QTTASK.EXE

*FFFCD881=C:\WINDOWS\APPLICATION DATA\DOTN.EXE

*FFE240C1=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

*FFE21D9D=C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

*FFE15C85=C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe

*FFE2B7FD=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFE37EB9=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFE0A471=C:\WINDOWS\SYSTEM\PSTORES.EXE

*FFE003A9=C:\WINDOWS\NOTEPAD.EXE

*FFE0BF79=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE

*FFE08889=C:\UNZIPPED\STARTDRECK[1]\STARTDRECK\STARTDRECK.EXE

»Application specific

Share this post


Link to post
Share on other sites

freeatlast, and shadowwar:

 

you guys are awesome...i have 40 minutes till the old man gets home...i really cannot afford to have him see the computer screwed up...thanks...you guys are the best!

Share this post


Link to post
Share on other sites

ok start with this:

Now download Ad-Aware at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, FIRST update the reference file following these instructions.

 

Now do the following:

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

 

Press "Scan Now"

 

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

 

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"

 

If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

 

Finally, close Ad-Aware, and reboot.

 

post a new hijackthis log when done.

Share this post


Link to post
Share on other sites

after ad-aware 6.0 use...what's next?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:20:49 PM, on 5/28/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\APPLICATION DATA\DOTN.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UI23K98G\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Access provided by Simply Connect

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: (no name) - {EE96BE81-B092-11D8-B638-00C0ADA3EAB9} - C:\WINDOWS\SYSTEM\CLN.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [Enae] C:\WINDOWS\Application Data\dotn.exe

O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmtrans.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Dell Home (HKCU)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://65.200.22.244/plugins/en_US/DjVuControl.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge-c17.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab

O19 - User stylesheet: (file missing)

Share this post


Link to post
Share on other sites

Please close all windows and internet explorers. Check mark the following items only in Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {EE96BE81-B092-11D8-B638-00C0ADA3EAB9} - C:\WINDOWS\SYSTEM\CLN.DLL

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKCU\..\Run: [Enae] C:\WINDOWS\Application Data\dotn.exe

 

 

Click the fix button. Close hijackthis.

 

run the latest version of cwshredder. from the link in my signature. click fix and let it fix what it finds.

 

 

 

Reboot and show hidden files and folders per the link in my signature.

Please delete the following files or folders.

 

Files:

C:\WINDOWS\SYSTEM\A.EXE

C:\WINDOWS\Application Data\dotn.exe

Folders:

 

 

 

Run a new log and post it here

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 2:46:28 PM, on 5/28/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\29SP43IF\HIJACKTHIS[1].EXE

C:\WINDOWS\NOTEPAD.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\29SP43IF\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Access provided by Simply Connect

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: (no name) - {764409E4-B0B1-11D8-B638-00C05209FB22} - C:\WINDOWS\SYSTEM\CLN.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmtrans.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Dell Home (HKCU)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://65.200.22.244/plugins/en_US/DjVuControl.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/98ME/CDTInc/bridge-c17.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab

O19 - User stylesheet: (file missing)

Share this post


Link to post
Share on other sites

i think we are doing well...my dad is pulling in the driveway....we must hurry! HELP!!

 

you rule shadowwar!

Share this post


Link to post
Share on other sites

Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

In the upper window select explorer.exe

In the lower window find and rightclick CLN.DLL

Select Unload DLL and click OK on the prompts that follow.

 

 

then tick and fix these with hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O2 - BHO: (no name) - {764409E4-B0B1-11D8-B638-00C05209FB22} - C:\WINDOWS\SYSTEM\CLN.DLL

Share this post


Link to post
Share on other sites

ugh.. 98.. ok.. lets try this..

 

Download this zip.

 

http://tools.zerosrealm.com/pv.zip

 

unzip it to the desktop.

 

Be sure to have at least 1 internet explorer open.

 

Double click on the runme9x.bat

A dos box will open with a menu it it.

 

Select option 2 for internet explorer dll's

Notepad will open with a log in it. Please copy and paste the log into this post.

Edited by shadowwar

Share this post


Link to post
Share on other sites

ok, option 2 came up empty...i did option 1 and this is the log...i need help as soon as humanly possible with this one...i know you are with others but their situations may not ba as dire as mine... thanks for your help...

 

 

 

Module information for 'EXPLORER.EXE'

MODULE BASE SIZE PATH

RSAENH.DLL 3350000 106496 C:\WINDOWS\SYSTEM\RSAENH.DLL 5.00.1877.8 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)

SCHANNEL.DLL 77400000 135168 C:\WINDOWS\SYSTEM\SCHANNEL.DLL 5.00.1877.6 TLS / SSL Security Provider (US and Canada Use Only)

VBSCRIPT.DLL 6b600000 462848 C:\WINDOWS\SYSTEM\VBSCRIPT.DLL 5.6.0.7426 Microsoft ® VBScript

PNGFILT.DLL 70530000 45056 C:\WINDOWS\SYSTEM\PNGFILT.DLL 6.00.2800.1106 IE PNG plugin image decoder

IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 6.00.2800.1106 IE plugin image decoder support DLL

IEPEERS.DLL 70fb0000 241664 C:\WINDOWS\SYSTEM\IEPEERS.DLL 6.00.2800.1106 Internet Explorer Peer Objects

PLUGIN.OCX 35b0000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX

MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft ® HTML Editing Component

INETCPLC.DLL 71950000 118784 C:\WINDOWS\SYSTEM\INETCPLC.DLL 6.00.2800.1106 Internet Control Panel

INETCPL.CPL 3120000 319488 C:\WINDOWS\SYSTEM\INETCPL.CPL 6.00.2800.1106 Internet Control Panel

ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library

RNR20.DLL 783c0000 61440 C:\WINDOWS\SYSTEM\RNR20.DLL 4.10.2222 Windows Socket2 NameSpace DLL

JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft ® JScript

SCRBLOCK.DLL 3100000 122880 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL 1, 1, 0, 126 ScriptBlocking

SCRAUTH.DLL 1d30000 110592 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL 1, 1, 0, 126 ScriptBlocking Authenticator

IMM32.DLL bfe20000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.10.1998 Win32 IMM32 core component

MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file

SHDOCLC.DLL 71840000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library

MSHTML.DLL 70c50000 2805760 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1106 Microsoft ® HTML Viewer

CLN.DLL 1d20000 45056 C:\WINDOWS\SYSTEM\CLN.DLL

SDHELPER.DLL 29d0000 733184 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL

OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518

MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL

NAVSHEXT.DLL 10e0000 114688 C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVSHEXT.DLL 9.05.15 Norton AntiVirusNAVShellExt Module

ATL.DLL 5f3e0000 73728 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8449 ATL Module for Windows (ANSI)

CCTRUST.DLL 28b0000 106496 C:\WINDOWS\SYSTEM\CCTRUST.DLL 1.0.10.002 Common Client ccTrust

MSVCP60.DLL 780c0000 397312 C:\WINDOWS\SYSTEM\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library

RSABASE.DLL 7ca00000 110592 C:\WINDOWS\SYSTEM\RSABASE.DLL 5.00.1877.7 Microsoft Base Cryptographic Provider (Export Version)

SOFTPUB.DLL 77ac0000 69632 C:\WINDOWS\SYSTEM\SOFTPUB.DLL 5.131.1877.4 Microsoft Trust Policy Providers

GOOGLETOOLBAR4.DLL 1ec0000 753664 C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL 2, 0, 111, 0 Google IE Client Toolbar

WINMM.DLL bfdf0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.03.1998 System APIs for Multimedia

WINTRUST.DLL 714a0000 57344 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.1877.5 Microsoft Trust Verification APIs

URLMON.DLL 702b0000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32

SETUPAPI.DLL 77ea0000 421888 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.1671.1 Windows NT Setup API

CFGMGR32.DLL 7f810000 45056 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.10.1998 Configuration Manager Win32 Interface

WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.10.1998 Win32 WINSPOOL core component

VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component

COMDLG32.DLL 7fe10000 184320 C:\WINDOWS\SYSTEM\COMDLG32.DLL 4.72.3510.2300 Common Dialogs DLL

LZ32.DLL bfe60000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.10.1998 Win32 LZ32 core component

NTDLL.DLL bfee0000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.10.1998 Win32 NTDLL core component

SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL

RASAPI32.DLL 7f880000 217088 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.10.2222 Dial-Up Networking Dynamic Linked Library

SECUR32.DLL 7f870000 40960 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.10.2222 Microsoft Win32 Security Services

MSVCRT20.DLL 7fc30000 282624 C:\WINDOWS\SYSTEM\MSVCRT20.DLL 2.11.000 Microsoft® C Runtime Library

SVRAPI.DLL 7f950000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.10.1998 32-bit common Server API library

MSNET32.DLL 7f300000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.10.2224 Microsoft 32-bit Network API Library

NWNET32.DLL 7f940000 40960 C:\WINDOWS\SYSTEM\NWNET32.DLL 4.10.1998 32-bit NW API library

MSPWL32.DLL 7fb40000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.10.1998 Password list management library

TAPI32.DLL 7f960000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.10.2222 Microsoft® Windows Telephony API Client DLL

NETAPI32.DLL 7f990000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.10.1998 32-bit network API DLL

NETBIOS.DLL 7f840000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL

BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library

IPHLPAPI.DLL 7c8e0000 32768 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 5.00.1717.2 IP Helper API

MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider

IPCFGDLL.DLL 7c900000 28672 C:\WINDOWS\SYSTEM\IPCFGDLL.DLL 5.00.1717.2 Ipconfig API DLL

DHCPCSVC.DLL 7dd90000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL

ICMP.DLL 7ce10000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL

WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows

MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs

WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL

WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98

ES.DLL 71730000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library

SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)

ESTIER2.DLL 71790000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library

ESSHARED.DLL 71760000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities

WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor

MSH_ZWF.DLL 61220000 57344 C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\MSH_ZWF.DLL 3.10.0393 IntelliPoint Wheel Features DLL

SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service

WININET.DLL 70200000 610304 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32

OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518

CRYPT32.DLL 71300000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1877.5 Crypto API32

MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs

MSI.DLL d70000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer

RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL

LINKINFO.DLL 7fb80000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.10.1998 Windows Volume Tracking

MPR.DLL 7fbf0000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.10.1998 WIN32 Network Interface DLL

MYDOCS.DLL 792f0000 69632 C:\WINDOWS\SYSTEM\MYDOCS.DLL 4.72.3510.2300 My Documents Folder UI

SHD401LC.DLL ca0000 61440 C:\WINDOWS\SYSTEM\SHD401LC.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat

BROWSEUI.DLL 71160000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1106 Shell Browser UI Library

SYMTRHK.DLL 1110000 81920 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRHK.DLL 2003.6.57 Norton SystemWorks SymTray Hook Dll

QDCSPI.DLL 10000000 45056 C:\WINDOWS\SYSTEM\QDCSPI.DLL 7.0.00.15 Norton QDCSPI Library

SHDOC401.DLL 50000000 503808 C:\WINDOWS\SYSTEM\SHDOC401.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat

OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT

SHDOCVW.DLL 71000000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library

SHELL32.DLL 7fcb0000 1400832 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3612.1700 Windows Shell Common Dll

EXPLORER.EXE 400000 180224 C:\WINDOWS\EXPLORER.EXE 4.72.3110.1 Windows Explorer

COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library

SHLWAPI.DLL 70bd0000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library

MSVCRT.DLL 78000000 278528 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.00.8797.0 Microsoft ® C Runtime Library

USER32.DLL bfc00000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2227 Win32 USER32 core component

GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component

ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component

KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component

Share this post


Link to post
Share on other sites

Please download TheKillbox from here: http://www.downloads.subratam.org/KillBox.zip

 

Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

 

C:\WINDOWS\SYSTEM\CLN.DLL

 

 

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The c:\winnt\system32\log.dll listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

 

Than once back into windows check and fix the entries with hijackthis again:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CLN.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O2 - BHO: (no name) - {764409E4-B0B1-11D8-B638-00C05209FB22} - C:\WINDOWS\SYSTEM\CLN.DLL

 

 

run a new hijackthis log and post it along with a new PV explorer log.

Share this post


Link to post
Share on other sites

kijack log...

 

Logfile of HijackThis v1.97.7

Scan saved at 3:43:05 PM, on 5/28/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE

C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\TEC4N86H\HIJACKTHIS[1].EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Access provided by Simply Connect

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.google.com/

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKLM\..\RunServices: [symTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL/cmtrans.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Dell Home (HKCU)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://65.200.22.244/plugins/en_US/DjVuControl.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://www2.flingstone.com/cab/98ME/CDTInc/bridge-c17.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab

O19 - User stylesheet: (file missing)

 

explorer log

 

Module information for 'EXPLORER.EXE'

MODULE BASE SIZE PATH

PLUGIN.OCX 3a80000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 6.00.2800.1106 ActiveX Plugin OCX

ACTXPRXY.DLL 703d0000 110592 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 6.00.2800.1106 ActiveX Interface Marshaling Library

MSHTMLED.DLL 70f30000 450560 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 6.00.2800.1106 Microsoft ® HTML Editing Component

JSCRIPT.DLL 6b700000 589824 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.6.0.6626 Microsoft ® JScript

SCRBLOCK.DLL 3850000 122880 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL 1, 1, 0, 126 ScriptBlocking

SCRAUTH.DLL 3620000 110592 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL 1, 1, 0, 126 ScriptBlocking Authenticator

RNR20.DLL 783c0000 61440 C:\WINDOWS\SYSTEM\RNR20.DLL 4.10.2222 Windows Socket2 NameSpace DLL

IMM32.DLL bfe20000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.10.1998 Win32 IMM32 core component

MSLS31.DLL 48080000 159744 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file

MLANG.DLL 70440000 585728 C:\WINDOWS\SYSTEM\MLANG.DLL 6.00.2800.1106 Multi Language Support DLL

SHDOCLC.DLL 71840000 540672 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 6.00.2800.1106 Shell Doc Object and Control Library

MSHTML.DLL 70c50000 2805760 C:\WINDOWS\SYSTEM\MSHTML.DLL 6.00.2800.1106 Microsoft ® HTML Viewer

SDHELPER.DLL 29d0000 733184 C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL

OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518

NAVSHEXT.DLL 2890000 114688 C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVSHEXT.DLL 9.05.15 Norton AntiVirusNAVShellExt Module

ATL.DLL 5f3e0000 73728 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8449 ATL Module for Windows (ANSI)

CCTRUST.DLL 28b0000 106496 C:\WINDOWS\SYSTEM\CCTRUST.DLL 1.0.10.002 Common Client ccTrust

MSVCP60.DLL 780c0000 397312 C:\WINDOWS\SYSTEM\MSVCP60.DLL 6.00.8972.0 Microsoft ® C++ Runtime Library

RSABASE.DLL 7ca00000 110592 C:\WINDOWS\SYSTEM\RSABASE.DLL 5.00.1877.7 Microsoft Base Cryptographic Provider (Export Version)

SOFTPUB.DLL 77ac0000 69632 C:\WINDOWS\SYSTEM\SOFTPUB.DLL 5.131.1877.4 Microsoft Trust Policy Providers

GOOGLETOOLBAR4.DLL 1ea0000 753664 C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR4.DLL 2, 0, 111, 0 Google IE Client Toolbar

WINMM.DLL bfdf0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.03.1998 System APIs for Multimedia

WINTRUST.DLL 714a0000 57344 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.1877.5 Microsoft Trust Verification APIs

URLMON.DLL 702b0000 499712 C:\WINDOWS\SYSTEM\URLMON.DLL 6.00.2800.1106 OLE32 Extensions for Win32

SETUPAPI.DLL 77ea0000 421888 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.1671.1 Windows NT Setup API

CFGMGR32.DLL 7f810000 45056 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.10.1998 Configuration Manager Win32 Interface

WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.10.1998 Win32 WINSPOOL core component

COMDLG32.DLL 7fe10000 184320 C:\WINDOWS\SYSTEM\COMDLG32.DLL 4.72.3510.2300 Common Dialogs DLL

LZ32.DLL bfe60000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.10.1998 Win32 LZ32 core component

NTDLL.DLL bfee0000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.10.1998 Win32 NTDLL core component

SENSAPI.DLL 60000000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4807.2300 SENS Connectivity API DLL

RASAPI32.DLL 7f880000 217088 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.10.2222 Dial-Up Networking Dynamic Linked Library

SECUR32.DLL 7f870000 40960 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.10.2222 Microsoft Win32 Security Services

MSVCRT20.DLL 7fc30000 282624 C:\WINDOWS\SYSTEM\MSVCRT20.DLL 2.11.000 Microsoft® C Runtime Library

SVRAPI.DLL 7f950000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.10.1998 32-bit common Server API library

MSNET32.DLL 7f300000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.10.2224 Microsoft 32-bit Network API Library

NWNET32.DLL 7f940000 40960 C:\WINDOWS\SYSTEM\NWNET32.DLL 4.10.1998 32-bit NW API library

MSPWL32.DLL 7fb40000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.10.1998 Password list management library

TAPI32.DLL 7f960000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.10.2222 Microsoft® Windows Telephony API Client DLL

NETAPI32.DLL 7f990000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.10.1998 32-bit network API DLL

NETBIOS.DLL 7f840000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL

BROWSELC.DLL 718e0000 73728 C:\WINDOWS\SYSTEM\BROWSELC.DLL 6.00.2800.1106 Shell Browser UI Library

VERSION.DLL bfe70000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.10.1998 Win32 VERSION core component

IPHLPAPI.DLL 7c8e0000 32768 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 5.00.1717.2 IP Helper API

MSAFD.DLL 7b410000 45056 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.10.1998 Microsoft Windows Sockets 2.0 Service Provider

IPCFGDLL.DLL 7c900000 28672 C:\WINDOWS\SYSTEM\IPCFGDLL.DLL 5.00.1717.2 Ipconfig API DLL

DHCPCSVC.DLL 7dd90000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL

ICMP.DLL 7ce10000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL

WSOCK32.DLL 75fa0000 40960 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.10.1998 BSD Socket API for Windows

MSWSOCK.DLL 794d0000 86016 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.10.2222 Microsoft WinSock Extension APIs

WS2_32.DLL 76000000 73728 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.10.2222 Windows Socket 2.0 32-Bit DLL

WS2HELP.DLL 75fe0000 24576 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.10.1998 Windows Socket 2.0 Helper for Windows 98

ES.DLL 71730000 118784 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library

SENS.DLL 60100000 69632 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4807.2300 System Event Notification Service (SENS)

ESTIER2.DLL 71790000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library

ESSHARED.DLL 71760000 69632 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities

WEBCHECK.DLL 70340000 266240 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 6.00.2800.1106 Web Site Monitor

SHFOLDER.DLL 71930000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 6.00.2800.1106 Shell Folder Service

WININET.DLL 70200000 610304 C:\WINDOWS\SYSTEM\WININET.DLL 6.00.2800.1106 Internet Extensions for Win32

OLEAUT32.DLL 65340000 634880 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4518

CRYPT32.DLL 71300000 385024 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.1877.5 Crypto API32

MSOSS.DLL 79e00000 151552 C:\WINDOWS\SYSTEM\MSOSS.DLL 5.131.1877.3 Microsoft Trust ASN APIs

MSH_ZWF.DLL 61220000 57344 C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\MSH_ZWF.DLL 3.10.0393 IntelliPoint Wheel Features DLL

MSI.DLL d70000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer

RPCRT4.DLL 7fb90000 335872 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.2900 Remote Procedure Call DLL

LINKINFO.DLL 7fb80000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.10.1998 Windows Volume Tracking

MPR.DLL 7fbf0000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.10.1998 WIN32 Network Interface DLL

MYDOCS.DLL 792f0000 69632 C:\WINDOWS\SYSTEM\MYDOCS.DLL 4.72.3510.2300 My Documents Folder UI

SHD401LC.DLL ca0000 61440 C:\WINDOWS\SYSTEM\SHD401LC.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat

BROWSEUI.DLL 71160000 1036288 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 6.00.2800.1106 Shell Browser UI Library

SYMTRHK.DLL 11f0000 81920 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRHK.DLL 2003.6.57 Norton SystemWorks SymTray Hook Dll

QDCSPI.DLL 10000000 45056 C:\WINDOWS\SYSTEM\QDCSPI.DLL 7.0.00.15 Norton QDCSPI Library

SHDOC401.DLL 50000000 503808 C:\WINDOWS\SYSTEM\SHDOC401.DLL 5.50.4914.1400 Shell Doc Object and Control Library - IE 4.01 compat

OLE32.DLL 7ff20000 790528 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.2900 Microsoft OLE for Windows and Windows NT

SHDOCVW.DLL 71000000 1347584 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 6.00.2800.1106 Shell Doc Object and Control Library

SHELL32.DLL 7fcb0000 1400832 C:\WINDOWS\SYSTEM\SHELL32.DLL 4.72.3612.1700 Windows Shell Common Dll

EXPLORER.EXE 400000 180224 C:\WINDOWS\EXPLORER.EXE 4.72.3110.1 Windows Explorer

COMCTL32.DLL bfb70000 557056 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library

SHLWAPI.DLL 70bd0000 413696 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 6.00.2800.1106 Shell Light-weight Utility Library

MSVCRT.DLL 78000000 278528 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.00.8797.0 Microsoft ® C Runtime Library

USER32.DLL bfc00000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.10.2227 Win32 USER32 core component

GDI32.DLL bff20000 155648 C:\WINDOWS\SYSTEM\GDI32.DLL 4.10.1998 Win32 GDI core component

ADVAPI32.DLL bfe80000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.80.1675 Win32 ADVAPI32 core component

KERNEL32.DLL bff70000 471040 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.10.2222 Win32 Kernel core component

Share this post


Link to post
Share on other sites

any luck yet shadowwar? I really appreciate what you have done so far. I just re booted the computer again and I went into explorer and my normal homepage came up (google.com). I am not sure that I am out of the woods yet and any help you can still moster would be more than appreciated. You are wonderful!

Share this post


Link to post
Share on other sites

anuone have any idea if the about:blank crap comes back? As you read through this post (because you, like I, have nothing better to do 8)) you will see that nothing was concretely resolved and the about:blank thing just left after screwing around with it for awhile. Does it have a timer on it or anything? Will it be back tomorrow? Or is it gone forever?

 

any words of wisdom would be appreciated.

 

 

shadowwar is teh ruler!!!

Share this post


Link to post
Share on other sites

you should be ok. Feel free to post back to let me know.

Could you search the registry for the filename? Curious as to were it was loading from.

start/run/regedit

go to edit/find

type the cln.dll and hit search

 

any key you find right click and export them to the desktop.

after done open with notepad and paste them here.

Share this post


Link to post
Share on other sites

............Except the fact that there is no

RightClick/export function in any of Win98~ME~2K registries.

 

You need to hilite and use the top menu >export registry file.

 

Instead, Download this registry search tool:

http://freeatlast.100free.com/Regsrch.zip

 

Unzip, run the RegSrch.vbs file and enter:

cln.dll

As the string to search.

It will run for a while and generate report. copy and post it here.

 

Incidentally, I've had ~3 Win98 users (out of ~12) with same bho but

not the other file.

It was loaded once and died on it's own.

only bho was left.

 

Shadoww's help most likely cured your problem

You can try running my Win98Fix. Unzip,

DoubleClick on the 'RunFix.reg' file, answer 'yes' to

the prompt.

Restart computer and run the included 'who.bat' file.

Text file 'badfile.txt' should be created. It is likely, in your

case as well as those few others to be empty...

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0