• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ajbbear

I am so confused!

4 posts in this topic

It appears as though there is spyware on my computer, I don't know how it happened. I ran ad-aware but nothing really happened. I am getting millions ofd popups...The following icons appeared on my desktop:silent, infamous_downloader, o install2, second thought, mypcsearch, lycos sidesearch, and a couple more. There are also a bunch of programs running on my computer at startup under ctrl-alt-delete that will close except for sysai and bargains, which don't stop running. I don't know what to do....please help!! the hijack log:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:01:30 PM, on 6/23/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\AIM95\AIM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\SYSAI\SYSAI.EXE

C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.772\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM218.DLL

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL

O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1400.DLL

O2 - BHO: (no name) - {D2B67BE0-C4BC-11D8-B451-00045A49AA51} - C:\WINDOWS\SYSTEM\OLES2CONV.DLL

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [Jcgi] C:\WINDOWS\TEMP\JCGI.EXE

O4 - HKLM\..\Run: [fsssoyohgfdii] C:\WINDOWS\SYSTEM\ibcrtf.exe

O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe

O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\SYSTEM\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE

O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [3BTW6X7282RZRD] C:\WINDOWS\SYSTEM\Pdo77j0.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [r86k36R] DPL32.EXE

O4 - HKLM\..\Run: [msbb] c:\windows\temp\msbb.exe

O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [hmbuvsz] C:\WINDOWS\hmbuvsz.exe

O4 - HKLM\..\Run: [bEMW] C:\WINDOWS\SYSTEM\BEMW.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [azpqRWd7j] DSW16.EXE

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\WINDOWS\TEMP\djtopr1150.exe"

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Sidesearch (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Share this post


Link to post
Share on other sites

Hello ajbbear,

 

You have a few infections there.

First download the PeperFix.exe, a tool made by Option^Explicit, from here:

 

http://downloads.subratam.org/PeperFix.exe

 

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

You will be prompted to reboot.

Reboot and it will delete the files.

 

_______

 

Please download Spybot: Search and Destroy from http://www.safer-networking.org/index.php

Check for Updates first, download ALL Updates and Do a Scan.

When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

 

I'd Also Recommend you Download AdAware, Another good Antispyware Program From http://www.lavasoftusa.com/support/download/.

Install The Program and Run it. Make Sure You Click the "Check for Updates" Button before starting a scan.

Do a scan on AdAware and Remove Everything it suggests.

_______

 

 

Now see if these are in your Add/Remove Programs.

Click Start>Settings>Control Panel. Then double click on 'Add/Remove Programs' icon.

Then highlight these and Uninstall them:

(if they are there)

 

'Twain-Tech'

'BrowserAid'

'CashToolbar'

'Web Toolbar'

'BrowserPal'

'SideSearch'

'Active Alert'

'Internet Optimizer'

'AM Server'

'POP'

'KeenValue'

'PowerSearch toolbar for IE'

 

______

 

 

Then, you don't have HJT in a Permanent folder.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

This will allow backups to be made and saved By hijackthis in case something goes wrong

Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

 

_______

 

Then, open HijackThis, click Scan, then out a check next to the following entries:

(some of these won't be here after doing the above)

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

 

R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

 

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM218.DLL

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL

O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1400.DLL

O2 - BHO: (no name) - {D2B67BE0-C4BC-11D8-B451-00045A49AA51} - C:\WINDOWS\SYSTEM\OLES2CONV.DLL

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

 

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

 

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [Jcgi] C:\WINDOWS\TEMP\JCGI.EXE

O4 - HKLM\..\Run: [fsssoyohgfdii] C:\WINDOWS\SYSTEM\ibcrtf.exe

O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe

O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\SYSTEM\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE

O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE

O4 - HKLM\..\Run: [3BTW6X7282RZRD] C:\WINDOWS\SYSTEM\Pdo77j0.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [r86k36R] DPL32.EXE

O4 - HKLM\..\Run: [msbb] c:\windows\temp\msbb.exe

O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [azpqRWd7j] DSW16.EXE

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\WINDOWS\TEMP\djtopr1150.exe"

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

 

O9 - Extra button: Sidesearch (HKLM)

 

 

Now Close all open Windows and Browsers (have only HJT open) and click "Fix Checked".

 

_______

 

 

Reboot to Safe Mode (As the computer restarts, press and hold down the F8 key until the Windows 98 startup menu appears.

Choose Safe mode from the startup menu, and then press Enter. Windows starts in Safe mode.)

And Delete these:

 

Folders:

 

C:\TV MEDIA\

C:\PROGRAM FILES\SEP\

C:\PROGRAM FILES\SYSAI\

C:\PROGRAM FILES\BARGAIN BUDDY\

C:\PROGRAM FILES\LYCOS\SIDESEARCH\

C:\PROGRA~1\INCRED~1\

C:\Program Files\Viewpoint\

C:\Program Files\ClearSearch\

C:\Program Files\Bargain Buddy\

C:\Program Files\Save\

C:\Program Files\WhenUSearch\

C:\Program Files\Web_Rebates\

C:\Program Files\DownloadWare\

C:\Program Files\AutoUpdate\

C:\PROGRAM FILES\COMMON FILES\DPI\

C:\Program Files\Common files\updmgr\

C:\PROGRA~1\CLOCKS~1\

C:\PROGRA~1\ezula\

 

And these Files:

 

C:\WINDOWS\TWAINTEC.DLL

C:\WINDOWS\2_0_1browserhelper2.dllC:\WINDOWS\NEM218.DLL

C:\WINDOWS\BXXS5.DLL

C:\WINDOWS\ALCHEM.exe

C:\WINDOWS\UPTODATE.EXE

C:\WINDOWS\mwsvm.exe

C:\WINDOWS\BXXS5.DLL,DllRun

C:\WINDOWS\SYSTEM\SearchBar.htm

C:\WINDOWS\SYSTEM\BRIDGE.DLL

C:\WINDOWS\SYSTEM\STLBDIST.DLL

C:\WINDOWS\SYSTEM\OLES2CONV.DLL

C:\WINDOWS\SYSTEM\STLBDIST.DLL

C:\WINDOWS\SYSTEM\A.EXE

C:\WINDOWS\SYSTEM\ibcrtf.exe

C:\WINDOWS\SYSTEM\stcloader.exe

C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain

C:\WINDOWS\SYSTEM\IEHost.exe

C:\WINDOWS\SYSTEM\DP-HIM.EXE

C:\WINDOWS\SYSTEM\Pdo77j0.exe

 

 

You may have to show Hidden Files:

 

Open My Computer.

Select the View menu and click Folder Options.

Select the View Tab.

In the Hidden files section select Show all files.

Click OK.

 

Then follow this link to clean your temp folder http://www.mvps.org/winhelp2002/delcache.htm

 

After that, Reboot normally, and please post a new HJT log, and let us know if you still have any concerns.

Share this post


Link to post
Share on other sites

THANK YOU SO MUCH!

Everything appears to be back to normal...no more strange processes slowing me down or annoying pop-ups bugging me...thank you!

my hijack log (hope it looks good!):

 

Logfile of HijackThis v1.97.7

Scan saved at 10:07:14 PM, on 6/23/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\AIM95\AIM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.830\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Share this post


Link to post
Share on other sites

Your welcome ajbbear,

 

You did a fine job! :thumbsup:

 

Here is some free protection you should consider:

Download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies.

 

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

 

Check for updates occaisionally.

 

 

And also see

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0