• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Nurse Tim

Blanksearch.biz really annoying problems

6 posts in this topic

Hi, thanks for taking the time to read my post, I really hope you can help me.

 

My computer is going crazy, for want of a better way of putting it.

 

I have discovered that I have the blanksearch.biz cool web dealie on my computer and it keeps coming up as my home page no matter what I try to do to fix it. I have tried to use the cool web shredder and that says that the computer is now clean, but it hasn’t changed anything. I have tried deleting any .exe files that have been put on the computer in the last 24 hours (Google searched them first to see if they were bad, and not part of windows) and that did not work either.

 

Since this all started going wrong I haven’t been able to open up “my computer” and other document folders, the computer freezes and I have to re-set. Other document folders open up fine though. (this was happening before I deleted stuff)

 

I have done a VET anti-virus scan, and it comes up with nothing, I have also done a spy-bot search and it cam up with a few different things and I hit fix then rest and it is all still the same.

 

Also after some time on the net the computer will just randomly freeze.

 

To top it all off I was planing to start a huge assignment today that is due in a week, so I have had a very stressful few days.

 

I have tried a few things mentioned on this forum but they don’t seem to do anything.

 

Please help, I would appreciate it so much. Thank you heaps.

 

sorry all that is so long winded, any help with any of the problems would be very appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 9:48:37 PM, on 31/05/04

Platform: Windows 98 SE (Win9x 4.10.2222B)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\VETMSG9X.EXE

C:\VET\VETTRAY.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

C:\WINDOWS\MSAGENT\AGENTSVR.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blanksearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://blanksearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://blanksearch.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://blanksearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://blanksearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://blanksearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe

O4 - HKLM\..\Run: [VetTray] c:\VET\VETTRAY.EXE

O4 - HKLM\..\Run: [Vet Start Up] C:\VET\VET32.EXE /PROGRESSIVE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\RunOnce: [gi969304961] "c:\windows\TEMP\12147BH9\SGSETUP\Resume.exe" "C:\WINDOWS\DESKTOP\MY GROOVY MUSIC AND FUNNY STUFF !!!\SGSETUP.EXE" /resume:"c:\windows\TEMP\12147BH9" "Please insert a first setup disk or map network drive with file C:\WINDOWS\DESKTOP\MY GROOVY MUSIC AND FUNNY STUFF !!!\SGSETUP.EXE" "simGangster"

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm

O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\Natural Voice Reader Standard\read.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: Natural Reader (HKLM)

O9 - Extra button: GlobalFwy (HKCU)

O9 - Extra button: Yahoo! (HKCU)

O9 - Extra button: Buyway (HKCU)

O9 - Extra button: MoneySaver (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe

O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://E:\telstra\HD\nskey.dll

O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.ninemsn.com.au/cs/msnupld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_0.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343au.exe

O16 - DPF: {BE44DD6F-057A-4476-A0D5-EC926957D277} - http://204.177.92.198/quickdl/livevideo/msdlupd.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8137.9825578704

Share this post


Link to post
Share on other sites

Hi,

Create a StartupList log:

Run HijackThis, click the "Config" button

Click the "Misc Tools" button

Select both options "List minor ...", and "List empty ..."

Click the "Generate StartupList log" button

(generates "startuplist.txt")

 

Copy and Paste the contents to your post

Share this post


Link to post
Share on other sites

thanks heaps for taking a look.

 

 

StartupList report, 1/06/04, 1:09:05 PM

StartupList version: 1.52

Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222B)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\VETMSG9X.EXE

C:\VET\VETTRAY.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

ScanRegistry = c:\windows\scanregw.exe /autorun

TaskMonitor = c:\windows\taskmon.exe

SystemTray = SysTray.Exe

CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

EM_EXEC = C:\MOUSE\SYSTEM\EM_EXEC.EXE

Vet Alert = C:\WINDOWS\System\VetMsg9x.exe

VetTray = c:\VET\VETTRAY.EXE

Vet Start Up = C:\VET\VET32.EXE /PROGRESSIVE

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

SchedulingAgent = mstask.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[setupcPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

 

[AppletsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

 

[FontsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

 

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

 

[PerUser_ICW_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

 

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

 

[>PerUser_MSN_Clean] *

StubPath = c:\windows\msnmgsr1.exe

 

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

 

[PerUser_Msinfo] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

 

[PerUser_Msinfo2] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

 

[MotownMmsysPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

 

[MotownAvivideoPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

 

[MotownMPlayPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf

 

[PerUser_Base] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

 

[shellPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

 

[shell2PerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

 

[PerUser_winbase_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

 

[PerUser_winapps_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

 

[PerUser_LinkBar_URLs] *

StubPath = c:\windows\COMMAND\sulfnbk.exe /L

 

[TapiPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

 

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\webfdr16.inf,PerUserStub.Install,1

 

[PerUserOldLinks] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

 

[MmoptRegisterPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

 

[OlsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

 

[OlsMsnPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

 

[PerUser_Paint_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

 

[PerUser_Calc_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

 

[PerUser_dxxspace_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

 

[PerUser_MSBackup_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

 

[PerUser_Enable_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

 

[MotownRecPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

 

[PerUser_Vol] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

 

[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

 

[PerUser_RNA_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

 

[PerUser_DCC_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

 

[PerUser_Wingames_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_CharMap_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_Onlinelnks_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_Dialer_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_ClipBrd_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

 

[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

 

[OlsAolPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf

 

[OlsAttPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf

 

[OlsCompuservePerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf

 

[OlsProdigyPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf

 

[shell3PerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\wpie5x86.inf,PerUserStub

 

[>IEPerUser] *

StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

 

[Chl99] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chl99.inf,InstallUser

 

[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxpress.inf,PerUserstub

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=

run=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.INI listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 1/6/2004, 12:25:54)

 

[rename]

NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

ECHO OFF

rem

rem *** DO NOT EDIT THIS FILE! ***

rem

rem This file was created by the System Configuration Utility as

rem a placeholder for your AUTOEXEC.BAT file. Your actual

rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.

rem

C:\ESSAUDIO.COM

 

--------------------------------------------------

 

C:\CONFIG.SYS listing:

 

DEVICE=C:\ESSAUDIO.SYS

rem

rem *** DO NOT EDIT THIS FILE! ***

rem

rem This file was created by the System Configuration Utility as

rem a placeholder for your CONFIG.SYS. Your actual CONFIG.SYS

rem file has been saved under the name CONFIG.TSH.

rem

 

--------------------------------------------------

 

C:\WINDOWS\WINSTART.BAT listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\DOSSTART.BAT listing:

 

ECHO OFF

C:\ESSAUDIO.COM

c:\mouse\mouse.exe

LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - (no file) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Maintenance-Defragment programs.job

Maintenance-ScanDisk.job

Maintenance-Disk cleanup.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://c:\windows\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[DirectAnimation Java Classes]

CODEBASE = file://c:\windows\SYSTEM\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[internet Explorer Classes for Java]

CODEBASE = file://c:\windows\SYSTEM\iejava.cab

OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[{4248083C-9656-11D2-8B7F-00105A17847A}]

CODEBASE = http://downloads.mplayer.com/MplayerAutoInstaller.exe

 

[NSIEMisc Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NSKEY.DLL

CODEBASE = file://E:\telstra\HD\nskey.dll

 

[MSN Communities Upload Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\MSNUPLD.DLL

CODEBASE = http://content.communities.ninemsn.com.au/cs/msnupld.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[Java Plug-in 1.3.1]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab

 

[Java Plug-in 1.3.1]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab

 

[Microsoft Office Tools on the Web Control]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\OUTC.DLL

CODEBASE = http://officeupdate.microsoft.com/Template...nloads/outc.cab

 

[OPUCatalog Class]

InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL

CODEBASE = http://office.microsoft.com/ProductUpdates/content/opuc.cab

 

[symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab

 

[QuickTime Object]

InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

 

[{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]

CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

 

[Yahoo! WebCam Viewer Wrapper]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YVWRCTL.DLL

CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

 

[ExentInf Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EXENTCTL_0_0_0_0.OCX

CODEBASE = http://us.games2.yimg.com/download.games.y...ctl_0_0_0_0.ocx

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL

CODEBASE = http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

 

[Checkers Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSGRCHKR.DLL

CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab

 

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL

CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

 

[MSN Chat Control 4.5]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX

CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

 

[solitaire Showdown Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SOLITAIRESHOWDOWN.DLL

CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[FileSharingCtrl Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FSMSNGR-EN.DLL

CODEBASE = http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

 

[{42F2D240-B23C-11D6-8C73-70A05DC10000}]

CODEBASE = http://www.andlotsmore.com/factory/058343au.exe

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

 

[update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8137.9825578704

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: c:\windows\SYSTEM\rnr20.dll

Protocol #1: c:\windows\SYSTEM\mswsosp.dll

Protocol #2: c:\windows\SYSTEM\msafd.dll

Protocol #3: c:\windows\SYSTEM\msafd.dll

Protocol #4: c:\windows\SYSTEM\msafd.dll

Protocol #5: c:\windows\SYSTEM\rsvpsp.dll

Protocol #6: c:\windows\SYSTEM\rsvpsp.dll

 

--------------------------------------------------

 

Enumerating Win9x VxD services:

 

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: c:\windows\SYSTEM\vrtwd.386

VFIXD: c:\windows\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

LMOUSE: lmouse.vxd

TURBOVBF: TURBOVBF.VXD

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

System: C:\WINDOWS\system32\system32.dll

 

--------------------------------------------------

End of report, 25,493 bytes

Report generated in 0.576 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Hi,

Open Notepad and save the below as: "RemoveSystem32.reg"

In the "Save as type" drop-down section, select: All Files

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"System"=-

[-HKEY_CLASSES_ROOT\CLSID\{061646A1-DC57-487D-B023-A938198C174E}]

[-HKEY_CLASSES_ROOT\CLSID\{4E8A9E72-8942-40EF-88DF-A559152F6B41}]

[-HKEY_CLASSES_ROOT\CLSID\{6E94CEC3-0C84-4310-AE20-CD4090178388}]

 

1) Restart in Safe Mode (see "How To:" below)

2) Enable Hidden Files (see "How To:" below)

 

Locate "RemoveSystem32.reg"

Right-click and select: Merge and Ok the prompt.

 

Locate and delete the following:

 

C:\WINDOWS\system32\system32.dll <--this file

C:\WINDOWS\system.exe <--this file

 

While still in Safe Mode:

Close all open windows, rescan with HijackThis and "Fix checked" the following:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blanksearch.biz/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://blanksearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://blanksearch.biz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://blanksearch.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://blanksearch.biz/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://blanksearch.biz/

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - (no file)

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm

O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.andlotsmore.com/factory/058343au.exe

 

Restart normally and post a fresh log ...

Share this post


Link to post
Share on other sites

wasn't able to merge that file, when i tryed it came up with..."specifyed file is not a registery script" (i saved it as a all files thing with the .reg at the end)

 

was able to find C:\windows\system32\system32.dll and deleted it,

wasn't able to find C:\windows\system.exe

 

used hijack this to delet what you listed to be deleated,

 

the computer seems to be back to normal even though i wasn't able to do everything you said. is there something i am missing? log of hijack this is included for another check to make sure. (other log dealie included to incase you need it aswell) but it does seem to be alright now. if there is any thing you think i should do to make my computer run better that would be great aswell.

 

thanks for all your help with this problem, it is great to have people out there who are willing to do this for other people. thank you heaps and heaps.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 3:44:09 PM, on 1/06/04

Platform: Windows 98 SE (Win9x 4.10.2222B)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\VETMSG9X.EXE

C:\VET\VETTRAY.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe

O4 - HKLM\..\Run: [VetTray] c:\VET\VETTRAY.EXE

O4 - HKLM\..\Run: [Vet Start Up] C:\VET\VET32.EXE /PROGRESSIVE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\RunOnce: [gi969304961] "c:\windows\TEMP\12147BH9\SGSETUP\Resume.exe" "C:\WINDOWS\DESKTOP\MY GROOVY MUSIC AND FUNNY STUFF !!!\SGSETUP.EXE" /resume:"c:\windows\TEMP\12147BH9" "Please insert a first setup disk or map network drive with file C:\WINDOWS\DESKTOP\MY GROOVY MUSIC AND FUNNY STUFF !!!\SGSETUP.EXE" "simGangster"

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\Natural Voice Reader Standard\read.html

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: Natural Reader (HKLM)

O9 - Extra button: GlobalFwy (HKCU)

O9 - Extra button: Yahoo! (HKCU)

O9 - Extra button: Buyway (HKCU)

O9 - Extra button: MoneySaver (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe

O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://E:\telstra\HD\nskey.dll

O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.ninemsn.com.au/cs/msnupld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Template...nloads/outc.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_0.ocx

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8137.9825578704

 

 

 

 

StartupList report, 1/06/04, 3:55:50 PM

StartupList version: 1.52

Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222B)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\SYSTEM\VETMSG9X.EXE

C:\VET\VETTRAY.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

ScanRegistry = c:\windows\scanregw.exe /autorun

TaskMonitor = c:\windows\taskmon.exe

SystemTray = SysTray.Exe

CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

EM_EXEC = C:\MOUSE\SYSTEM\EM_EXEC.EXE

Vet Alert = C:\WINDOWS\System\VetMsg9x.exe

VetTray = c:\VET\VETTRAY.EXE

Vet Start Up = C:\VET\VET32.EXE /PROGRESSIVE

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

SchedulingAgent = mstask.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[setupcPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

 

[AppletsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

 

[FontsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

 

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

 

[PerUser_ICW_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

 

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

 

[>PerUser_MSN_Clean] *

StubPath = c:\windows\msnmgsr1.exe

 

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

 

[PerUser_Msinfo] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

 

[PerUser_Msinfo2] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

 

[MotownMmsysPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

 

[MotownAvivideoPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

 

[MotownMPlayPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf

 

[PerUser_Base] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

 

[shellPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

 

[shell2PerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

 

[PerUser_winbase_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

 

[PerUser_winapps_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

 

[PerUser_LinkBar_URLs] *

StubPath = c:\windows\COMMAND\sulfnbk.exe /L

 

[TapiPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

 

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\webfdr16.inf,PerUserStub.Install,1

 

[PerUserOldLinks] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

 

[MmoptRegisterPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

 

[OlsPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

 

[OlsMsnPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

 

[PerUser_Paint_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

 

[PerUser_Calc_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

 

[PerUser_dxxspace_Links] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

 

[PerUser_MSBackup_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

 

[PerUser_Enable_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

 

[MotownRecPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

 

[PerUser_Vol] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

 

[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

 

[PerUser_RNA_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

 

[PerUser_DCC_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

 

[PerUser_Wingames_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_CharMap_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_Onlinelnks_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_Dialer_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

 

[PerUser_ClipBrd_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

 

[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

 

[OlsAolPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf

 

[OlsAttPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf

 

[OlsCompuservePerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf

 

[OlsProdigyPerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf

 

[shell3PerUser] *

StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

 

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\wpie5x86.inf,PerUserStub

 

[>IEPerUser] *

StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

 

[Chl99] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chl99.inf,InstallUser

 

[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxpress.inf,PerUserstub

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=

run=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.INI listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 1/6/2004, 12:25:54)

 

[rename]

NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

ECHO OFF

rem

rem *** DO NOT EDIT THIS FILE! ***

rem

rem This file was created by the System Configuration Utility as

rem a placeholder for your AUTOEXEC.BAT file. Your actual

rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.

rem

C:\ESSAUDIO.COM

 

--------------------------------------------------

 

C:\CONFIG.SYS listing:

 

DEVICE=C:\ESSAUDIO.SYS

rem

rem *** DO NOT EDIT THIS FILE! ***

rem

rem This file was created by the System Configuration Utility as

rem a placeholder for your CONFIG.SYS. Your actual CONFIG.SYS

rem file has been saved under the name CONFIG.TSH.

rem

 

--------------------------------------------------

 

C:\WINDOWS\WINSTART.BAT listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\DOSSTART.BAT listing:

 

ECHO OFF

C:\ESSAUDIO.COM

c:\mouse\mouse.exe

LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Maintenance-Defragment programs.job

Maintenance-ScanDisk.job

Maintenance-Disk cleanup.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://c:\windows\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[DirectAnimation Java Classes]

CODEBASE = file://c:\windows\SYSTEM\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[internet Explorer Classes for Java]

CODEBASE = file://c:\windows\SYSTEM\iejava.cab

OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[{4248083C-9656-11D2-8B7F-00105A17847A}]

CODEBASE = http://downloads.mplayer.com/MplayerAutoInstaller.exe

 

[NSIEMisc Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\NSKEY.DLL

CODEBASE = file://E:\telstra\HD\nskey.dll

 

[MSN Communities Upload Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\MSNUPLD.DLL

CODEBASE = http://content.communities.ninemsn.com.au/cs/msnupld.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[Java Plug-in 1.3.1]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab

 

[Java Plug-in 1.3.1]

InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll

CODEBASE = http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab

 

[Microsoft Office Tools on the Web Control]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\OUTC.DLL

CODEBASE = http://officeupdate.microsoft.com/Template...nloads/outc.cab

 

[OPUCatalog Class]

InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL

CODEBASE = http://office.microsoft.com/ProductUpdates/content/opuc.cab

 

[symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://security2.norton.com/SSC/SharedCont...c/bin/cabsa.cab

 

[QuickTime Object]

InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

 

[{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]

CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

 

[Yahoo! WebCam Viewer Wrapper]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YVWRCTL.DLL

CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

 

[ExentInf Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EXENTCTL_0_0_0_0.OCX

CODEBASE = http://us.games2.yimg.com/download.games.y...ctl_0_0_0_0.ocx

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL

CODEBASE = http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

 

[Checkers Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSGRCHKR.DLL

CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab

 

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL

CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

 

[MSN Chat Control 4.5]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX

CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

 

[solitaire Showdown Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SOLITAIRESHOWDOWN.DLL

CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[FileSharingCtrl Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FSMSNGR-EN.DLL

CODEBASE = http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

 

[update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8137.9825578704

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: c:\windows\SYSTEM\rnr20.dll

Protocol #1: c:\windows\SYSTEM\mswsosp.dll

Protocol #2: c:\windows\SYSTEM\msafd.dll

Protocol #3: c:\windows\SYSTEM\msafd.dll

Protocol #4: c:\windows\SYSTEM\msafd.dll

Protocol #5: c:\windows\SYSTEM\rsvpsp.dll

Protocol #6: c:\windows\SYSTEM\rsvpsp.dll

 

--------------------------------------------------

 

Enumerating Win9x VxD services:

 

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: c:\windows\SYSTEM\vrtwd.386

VFIXD: c:\windows\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

LMOUSE: lmouse.vxd

TURBOVBF: TURBOVBF.VXD

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

System: C:\WINDOWS\system32\system32.dll

 

--------------------------------------------------

End of report, 25,325 bytes

Report generated in 0.479 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Hi,

wasn't able to merge that file,

Hmm ... that's odd, but we'll just do it manually.

 

Start | Run (type) regedit

 

Navigate to the following location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

 

Highlight the "ShellServiceObjectDelayLoad" key (left pane)

In the right pane, highlight the "System" entry.

Right-click and select: Delete, Ok the prompt, and close Regedit.

 

Locate and delete the following:

 

C:\WINDOWS\system32\system32.dll <--this file (if exists)

 

Reboot and then ...

 

I would suggest adding some "Defense" to your system ...

See section: How To: Prevent this from happening again?

http://www.mvps.org/winhelp2002/unwanted.htm

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0