Cannot check Email.

Guest
Archived from groups: microsoft.public.win98.gen_discussion

How come, let's say I try to see my MSN Hotmail box. So I try to see what's
in the mail but then right away it goes to another site.
It goes to the site that my homepage is set to: about:blank but every time I
open Internet Explorer it goes to another site, not about:blank.
This is where my MSN Hotmail box is going.
 
Guest

"ReNeX" <ReNeX@discussions.microsoft.com> wrote:

>How come, let's say I try to see my MSN Hotmail box. So I try to see what's
>in the mail but then right away it goes to another site.
>It goes to the site that my homepage is set to: about:blank but everytime I
>open Internet Explorer it goes to another site, not about:blank.
>This is where my MSN Hotmail box is going.


It's malware. Look here:
http://www.securiteam.com/securityreviews/5RP0L0UD5U.html or Google
"about:blank".

--
Tim Slattery
MS MVP(DTS)
Slattery_T@bls.gov
 
Guest

Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
tells me to ask an expert on what to delete so.. can you please tell me what to
delete? It scanned this:

Logfile of HijackThis v1.99.1
Scan saved at 9:13:31 PM, on 11/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\ptsnoop.exe
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.primus.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Primus Canada
R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
(no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
C:\WINDOWS\SYSTEM\HOPK.DLL
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
"C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
Money\System\reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
/background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate -
{06FE5D05-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
{06FE5D02-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
{06FE5D03-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
O9 - Extra button: AOL Instant Messenger (TM) -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
C:\WINDOWS\SYSTEM\HOPK.DLL
O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
C:\WINDOWS\SYSTEM\HOPK.DLL

PS: If you do reply and tell me what to delete.. where do you go to delete
and how?
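
Added example (not part of the original thread, and not HijackThis's own code): the log above was hard-wrapped by the newsreader, so one entry often spans two or three lines, which makes it hard to read or search. This Python sketch rejoins wrapped entries, strips Usenet quote markers, and groups entries by section code; the two triage hints (`temp-path`, `file-missing`) and all function names are assumptions made for this example, and a hit only marks an entry for a closer look.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text flags")

# A HijackThis entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Usenet quote markers ("> ", "> > ") in front of a line.
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")

# Assumed triage hints chosen for this example. A hit means "review this
# entry first", not "this entry is malicious".
HEURISTICS = {
    "temp-path": re.compile(r"\\temp\\", re.I),
    "file-missing": re.compile(r"\((?:file missing|no file)\)", re.I),
}

# Constructed sample: a few entries copied from the log in this thread,
# keeping the newsreader line wrapping, some with quote markers added.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
> O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
> powrprof.dll,LoadCurrentPwrScheme
>
> PS: If you do reply and tell me what to delete.. where do you go to delete
"""


def unwrap(log_text):
    """Rejoin hard-wrapped entries into one line each.

    Lines before the first entry (header, process list) are skipped. A blank
    line closes the current entry so trailing prose is not appended to it.
    """
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = QUOTE_PREFIX.sub("", raw.strip()).strip()
        if not line:
            open_entry = False
            continue
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif open_entry:
            # Wrapping happened at a space, so a single space restores it.
            entries[-1] += " " + line
    return entries


def parse(log_text):
    """Return Entry tuples (section code, entry text, sorted hint names)."""
    out = []
    for line in unwrap(log_text):
        m = ENTRY_START.match(line)
        code, text = m.group(1), m.group(2)
        flags = sorted(n for n, rx in HEURISTICS.items() if rx.search(text))
        out.append(Entry(code, text, flags))
    return out


def triage(log_text):
    """Group flagged entries by section code for manual review."""
    report = {}
    for e in parse(log_text):
        if e.flags:
            report.setdefault(e.code, []).append((e.flags, e.text))
    return report


if __name__ == "__main__":
    for code, hits in sorted(triage(SAMPLE).items()):
        for flags, text in hits:
            print(f"{code}  [{', '.join(flags)}]  {text}")
```
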
 
Guest

**Post your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

In memory of our dear friend, MVP Alex Nichol (1935-2005)
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx

ReNeX wrote:
> Yes. So I downloaded a malware remover called HiJackThis and I scanned
> and it tells me to ask an expert on what to delete so.. can you please
> tell me what to delete? It scanned this
<snip>
 
Guest

Copy the log files and paste them into a new post at ONE of these forums:
http://forum.aumha.org/viewforum.php?f=30
http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html

In your post, please state your problem clearly and what you've done so far to fix
it.

The folks there will tell you what to remove.

See the "housekeeping" you should complete before you post your log:
http://aumha.org/forum/viewtopic.php?t=4075
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm


"ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
> Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
> tells me to ask an expert on what to delete so.. can you please tell me what
> to
> delete? It scanned this:
 
Guest

OK, I went to one of your following sites, and I registered and I have to
click an activation link in my email inbox but I can't get in it because of
the malware.
I'm asking if one of you can post my log in there.

"glee" wrote:

> Copy the log files and paste them into a new post at ONE of these forums:
> http://forum.aumha.org/viewforum.php?f=30
> http://forums.spywareinfo.com/,
> http://castlecops.com/forum67.html
>
> In your post, please state your problem clearly and what you've done so far to fix
> it.
>
> The folks there will tell you what to remove.
>
> See the "housekeeping" you should complete before you post your log:
> http://aumha.org/forum/viewtopic.php?t=4075
> --
> Glen Ventura, MS MVP Shell/User, A+
> ~ In memory of our friend, MVP Alex Nichol ~
> http://aumha.org/alex.htm
> http://dts-l.org/goodpost.htm
>
>
> "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
> news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
> > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
> > tells me to ask an expert on what to delete so.. can you please tell me what
> > to
> > delete? It scanned this:
> > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> > Files\Real\Update_OB\realsched.exe" -osboot
> > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
> > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
> > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
> > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
> > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
> > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
> > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
> > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
> > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
> > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
> > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
> > powrprof.dll,LoadCurrentPwrScheme
> > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
> > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
> > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
> > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
> > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
> > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
> > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
> > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
> > Money\System\reminder.exe
> > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
> > /background
> > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
> > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
> > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
> > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
> > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
> > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
> > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
> > O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
> > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
> > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
> > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
> > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
> > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
> > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
> > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
> > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
> > C:\WINDOWS\web\related.htm
> > O9 - Extra 'Tools' menuitem: Show &Related Links -
> > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
> > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
> (file missing)
> > O9 - Extra 'Tools' menuitem: AV &Translate -
> > {06FE5D05-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
> (file missing)
> > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
> (file missing)
> > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
> > {06FE5D02-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
> (file missing)
> > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
> > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
> > {06FE5D03-8F11-11d2-804F-00105A133818} -
> >
> http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
> (file missing)
> > O9 - Extra button: AOL Instant Messenger (TM) -
> > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
> > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > C:\WINDOWS\SYSTEM\MSJAVA.DLL
> > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
> > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
> > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
> > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
> > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
> > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
> > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
> > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
> > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
> > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
> > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
> > http://www.musicnotes.com/download/mnview95.cab
> > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
> > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
> > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
> > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
> > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
> > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
> > Class) -
> > http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
> > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
> > Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
> > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
> > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
> > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
> > http://www.nick.com/common/groove/gx/GrooveAX27.cab
> > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
> > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
> > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
> > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
> > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
> > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
> > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
> > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
> >
> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
> > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > C:\WINDOWS\SYSTEM\HOPK.DLL
> > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > C:\WINDOWS\SYSTEM\HOPK.DLL
> >
> > PS: If you do reply and tell me what to delete.. where do you go to delete
> > and how?
> >
>
>
 
Guest

This is not the appropriate place for logs. Try:
http://boards.cexx.org/index.php
http://forums.tomcoyote.com/
http://forum.gladiator-antivirus.com/
http://forums.net-integration.net/
http://forums.subratam.org/
http://www.zerosrealm.com/forums/
http://forums.maddoktor2.com/
--
Jeff Richards
MS MVP (Windows - Shell/User)
"ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
> Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
> tells me to ask an expert on what to delete so.. can you please tell me what to
> delete? It scanned this:
>
 

Dan

Have you tried fully cleaning with Adaware SE and Spybot Search and Destroy
in Safe Mode? Have you looked for programs that installed without your
knowledge in Add/Remove Programs in the Control Panel when starting in Safe
Mode? I would do this at a bare minimum before trying to go to the extreme
of posting a HiJack This Log to a forum. Also, scan with antivirus program
in safe mode as well and make sure that you scan all files and not just
program files to get to the root of the problem. Then you may not even need
to post your HIJACK This log. Let me know if these don't work so I can give
you other suggestions.

"ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
: Ok I went to one of your following sites, and I registered and I have to
: click an activation link
: in my email inbox but I can't get in it because of the Malware.
: I'm asking if one of you can post my log in there.
:
: "glee" wrote:
:
: > Copy the log files and paste them into a new post at ONE of these forums:
: > http://forum.aumha.org/viewforum.php?f=30
: > http://forums.spywareinfo.com/,
: > http://castlecops.com/forum67.html
: >
: > In your post, please state your problem clearly and what you've done so
: > far to fix it.
: >
: > The folks there will tell you what to remove.
: >
: > See the "housekeeping" you should complete before you post your log:
: > http://aumha.org/forum/viewtopic.php?t=4075
: > --
: > Glen Ventura, MS MVP Shell/User, A+
: > ~ In memory of our friend, MVP Alex Nichol ~
: > http://aumha.org/alex.htm
: > http://dts-l.org/goodpost.htm
: >
: >
: > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
: > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
: > > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: > > tells me to ask an expert on what to delete so.. can you please tell me what to
: > > delete? It scanned this:
: > >
: > > PS: If you do reply and tell me what to delete.. where do you go to delete
: > > and how?
: > >
: >
: >
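Added example, not part of any post in this thread: a HijackThis log pasted into a newsgroup reply arrives with quote markers and wrapped lines, so the entries have to be rejoined before anyone can read them by section. The Python sketch below does that for a few lines copied from the log quoted in this thread and attaches triage hints; the hint rules and all function names are assumptions made for illustration, and a hint is a reason to look closer, not a verdict on what to delete.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log quoted in this thread, quote markers
# and newsreader line wraps included; the selection is for illustration.
SAMPLE_QUOTED_LOG = r"""
> > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> > res://c:\windows\TEMP\se.dll/sp.html
> > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
> > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> > c:\program files\google\googletoolbar1.dll
> > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
> > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
> > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
> > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
> > VirusScan\VSSTAT.EXE /SHOWWARNING
> > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
> > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > C:\WINDOWS\SYSTEM\HOPK.DLL
> >
> > PS: If you do reply and tell me what to delete.. where do you go to delete
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
QUOTE_PREFIX = re.compile(r"^\s*(?:[>:]\s*)*")    # "> > " or ": > > " markers

# What each section code lists (only the codes present in this thread's log).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O12": "IE plugin", "O16": "downloaded ActiveX control",
    "O18": "protocol or MIME filter",
}


def unwrap(text):
    """Strip quote markers and rejoin entries that a newsreader wrapped."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw, count=1).rstrip()
        if ENTRY.match(line):
            entries.append(line)
            open_entry = True
        elif not line:
            # A blank quoted line ends the entry unless the entry is still
            # waiting for its value (it ends in "=" or " -").
            if entries and not entries[-1].endswith(("=", " -")):
                open_entry = False
        elif open_entry:
            entries[-1] += " " + line      # continuation of a wrapped entry
        # anything else is header text or prose around the log: ignored
    return entries


def triage(entry):
    """Return triage hints for one entry (illustrative rules, not verdicts)."""
    code, body = ENTRY.match(entry).groups()
    low = body.lower()
    hints = []
    if "(file missing)" in low or "(no file)" in low:
        hints.append("stale registration: target file is absent")
    if "\\temp\\" in low:
        hints.append("loads from a TEMP directory")
    if code.startswith("R") and "res://" in low:
        hints.append("IE page setting points into a local DLL resource")
    if code == "O18":
        hints.append("DLL registered as a filter for this content type")
    return hints


def summarize(text):
    """Count entries per section and collect the entries that have hints."""
    entries = unwrap(text)
    counts = Counter(ENTRY.match(e).group(1) for e in entries)
    flagged = [(e, triage(e)) for e in entries if triage(e)]
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_QUOTED_LOG)
    for code, n in sorted(counts.items()):
        print(f"{code:>3} {SECTIONS.get(code, 'other'):<24} {n}")
    for entry, hints in flagged:
        print(f"\n{entry}\n    -> " + "; ".join(hints))
```
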
 
Guest

You don't have an email account through your Internet provider that uses an email
client app instead of your web browser? You don't have access to another computer
(a friend's, the library's) to get at your email to activate? Someone else posting
your log won't do you much good, as you still won't be able to interact in the forum
to get the continuing instructions you will need.

Update your anti-virus app and then run a full-system virus scan.

Use CWShredder, the CoolWeb removal tool, available here:
http://www.majorgeeks.com/download3019.html
http://aumha.org/downloads/cwshredder.zip
Close all browser windows and open apps, start CWShredder and click the Fix button.

Try the instructions here for removing CWS aboutblank:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082839

See also:
http://cwshredder.net/cwshredder/cwschronicles.html
http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank

You might also want to try the trial version of Webroot SpySweeper to remove it:
http://research.spysweeper.com/threat_library/threat_details.php?threat=cws_aboutblank

Install Ad-Aware SE free Personal Edition, start it, click its 'Check for Updates'
link in the app to install updates, then use it to scan your system, and remove what
it finds. I suggest you restart in Safe Mode and run Ad-Aware from there, then
restart into Safe Mode again and run it again.
Ad-Aware:
http://www.lavasoftusa.com/support/download/
http://www.majorgeeks.com/download506.html
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm


"ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
> Ok I went to one of your following sites, and I registered and I have to
> click an activation link
> in my email inbox but I can't get in it because of the Malware.
> I'm asking if one of you can post my log in there.
>
> "glee" wrote:
>
> > Copy the log files and paste them into a new post at ONE of these forums:
> > http://forum.aumha.org/viewforum.php?f=30
> > http://forums.spywareinfo.com/,
> > http://castlecops.com/forum67.html
> >
> > In your post, please state your problem clearly and what you've done so far to
> > fix it.
> >
> > The folks there will tell you what to remove.
> >
> > See the "housekeeping" you should complete before you post your log:
> > http://aumha.org/forum/viewtopic.php?t=4075
> > --
> > Glen Ventura, MS MVP Shell/User, A+
> > ~ In memory of our friend, MVP Alex Nichol ~
> > http://aumha.org/alex.htm
> > http://dts-l.org/goodpost.htm
> >
> >
> > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
> > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
> > > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
> > > tells me to ask an expert on what to delete so.. can you please tell me what to
> > > delete? It scanned this:
> > >
> > > VIRUSSCAN\VSHWIN32.EXE
> > > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
> > > O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
> > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> > > Files\Real\Update_OB\realsched.exe" -osboot
> > > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
> > > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
> > > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
> > > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
> > > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
> > > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
> > > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
> > > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
> > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
> > > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
> > > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
> > > powrprof.dll,LoadCurrentPwrScheme
> > > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
> > > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
> > > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
> > > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
> > > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
> > > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
> > > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
> > > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
> > > Money\System\reminder.exe
> > > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
> > > /background
> > > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
> > > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
> > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> > > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
> > > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
> > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
> > > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
> > > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
> > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
> > > O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
> > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
> > > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
> > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
> > > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
> > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
> > > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
> > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
> > > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
> > > C:\WINDOWS\web\related.htm
> > > O9 - Extra 'Tools' menuitem: Show &Related Links -
> > > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
> > > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
> > (file missing)
> > > O9 - Extra 'Tools' menuitem: AV &Translate -
> > > {06FE5D05-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
> > (file missing)
> > > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
> > (file missing)
> > > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
> > > {06FE5D02-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
> > (file missing)
> > > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
(file missing)
> > > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
> > > {06FE5D03-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
> > (file missing)
> > > O9 - Extra button: AOL Instant Messenger (TM) -
> > > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
> > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> > > C:\WINDOWS\SYSTEM\MSJAVA.DLL
> > > O9 - Extra 'Tools' menuitem: Sun Java Console -
> > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
> > > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
> > > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
> > > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
> > > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
> > > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
> > > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
> > > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
> > > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
> > > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
> > > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
> > > http://www.musicnotes.com/download/mnview95.cab
> > > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
> > > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
> > > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> > > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
> > > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
> > > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
> > > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
> > > Class) -
> > > http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
> > > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
> > > Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
> > > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
> > > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
> > > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
> > > http://www.nick.com/common/groove/gx/GrooveAX27.cab
> > > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
> > > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
> > > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
> > > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
> > > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
> > > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
> > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
> > > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
> > >
> >
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
> > > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > > C:\WINDOWS\SYSTEM\HOPK.DLL
> > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > > C:\WINDOWS\SYSTEM\HOPK.DLL
> > >
> > > PS: If you do reply and tell me what to delete.. where do you go to delete
> > > and how?
> > >
> >
> >
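The HijackThis log in this thread reaches readers with newsreader quote prefixes and hard wraps that split single entries across several lines. The Python below is an added example, not part of any post and not HijackThis's own code: it strips the prefixes, rejoins the entries and attaches triage hints. The three heuristics are assumptions chosen for illustration, not a removal list, and the sample lines are excerpted from the log posted above.

```python
import re
from typing import List, NamedTuple, Tuple

# Leading newsreader quote markers ("> > >", ": > >", "| : >") plus one space.
QUOTE_PREFIX = re.compile(r"^(?:\s*[>:|])+\s?")
# A HijackThis entry starts with a section code such as R1, O4 or O18.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str
    text: str


def parse_quoted_log(raw: str) -> List[Entry]:
    """Strip quote prefixes and rejoin entries split by hard wraps."""
    entries: List[Entry] = []
    current = None   # [code, text] of the entry being assembled
    gap = False      # True after an empty (or quote-only) line
    for line in raw.splitlines():
        body = QUOTE_PREFIX.sub("", line).strip()
        if not body:
            gap = current is not None
            continue
        start = ENTRY_START.match(body)
        if start:
            if current:
                entries.append(Entry(*current))
            current = [start.group(1), start.group(2)]
        elif current is not None:
            # After a gap, only glue text onto an entry that is visibly
            # unfinished (ends in "=" or "-"); anything else is prose.
            if gap and not current[1].endswith(("=", "-")):
                entries.append(Entry(*current))
                current = None
            else:
                current[1] += " " + body
        gap = False
    if current:
        entries.append(Entry(*current))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return review hints for one entry (illustrative heuristics only)."""
    reasons = []
    if re.search(r"\\te?mp\\", entry.text, re.I):
        reasons.append("loads from a TEMP directory")
    if entry.code in ("R0", "R1") and "res://" in entry.text.lower():
        reasons.append("IE setting points at a resource inside a local file")
    if re.search(r"\((?:file missing|no file)\)", entry.text, re.I):
        reasons.append("orphaned entry: target file absent")
    return reasons


def flagged(raw: str) -> List[Tuple[str, str, List[str]]]:
    """Entries that matched at least one heuristic, in log order."""
    hits = []
    for entry in parse_quoted_log(raw):
        reasons = triage(entry)
        if reasons:
            hits.append((entry.code, entry.text, reasons))
    return hits


# Excerpt of the log posted in this thread, quoting damage left in place.
SAMPLE = r"""
> > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> > >
> >
http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
> > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> > > res://c:\windows\TEMP\se.dll/sp.html
> > > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
> > > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
> > > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
> > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
> > > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
> > >
> >
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
> > (file missing)
> > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
> > > C:\WINDOWS\SYSTEM\HOPK.DLL
> > >
> > > PS: If you do reply and tell me what to delete.. where do you go to delete
> > > and how?
"""

if __name__ == "__main__":
    for code, text, reasons in flagged(SAMPLE):
        print(f"{code:>3}  {text}")
        for reason in reasons:
            print(f"       review: {reason}")
```

An entry that matches no heuristic is not thereby cleared; the hints only order the review.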
 

Dan


Glen, I am going to give CWShredder another try. Thanks for your advice.
Have a nice day. :>

"glee" <glee29@spamindspring.com> wrote in message
news:%23Z97Yr3JFHA.3420@tk2msftngp13.phx.gbl...
: You don't have an email account through your Internet provider that uses an email
: client app instead of your web browser? You don't have access to another computer
: (a friend's, the library's) to get at your email to activate? Someone else posting
: your log won't do you much good, as you still won't be able to interact in the forum
: to get the continuing instructions you will need.
:
: Update your anti-virus app and then run a full-system virus scan.
:
: Use CWShredder, the CoolWeb removal tool, available here:
: http://www.majorgeeks.com/download3019.html
: http://aumha.org/downloads/cwshredder.zip
: Close all browser windows and open apps, start CWShredder and click the Fix button.
:
: Try the instructions here for removing CWS aboutblank:
: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082839
:
: See also:
: http://cwshredder.net/cwshredder/cwschronicles.html
: http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank
:
: You might also want to try the trial version of Webroot SpySweeper to remove it:
: http://research.spysweeper.com/threat_library/threat_details.php?threat=cws_aboutblank
:
: Install Ad-Aware SE free Personal Edition, start it, click its 'Check for Updates'
: link in the app to install updates, then use it to scan your system, and remove what
: it finds. I suggest you restart in Safe Mode and run Ad-Aware from there, then
: restart into Safe Mode again and run it again.
: Ad-Aware:
: http://www.lavasoftusa.com/support/download/
: http://www.majorgeeks.com/download506.html
: --
: Glen Ventura, MS MVP Shell/User, A+
: ~ In memory of our friend, MVP Alex Nichol ~
: http://aumha.org/alex.htm
: http://dts-l.org/goodpost.htm
:
:
: "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
: news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
: > Ok I went to one of your following sites, and I registered and I have to
: > click an activation link
: > in my email inbox but I can't get in it because of the Malware.
: > I'm asking if one of you can post my log in there.
: >
: > "glee" wrote:
: >
: > > Copy the log files and paste them into a new post at ONE of these forums:
: > > http://forum.aumha.org/viewforum.php?f=30
: > > http://forums.spywareinfo.com/,
: > > http://castlecops.com/forum67.html
: > >
: > > In your post, please state your problem clearly and what you've done so far to fix
: > > it.
: > >
: > > The folks there will tell you what to remove.
: > >
: > > See the "housekeeping" you should complete before you post your log:
: > > http://aumha.org/forum/viewtopic.php?t=4075
: > > --
: > > Glen Ventura, MS MVP Shell/User, A+
: > > ~ In memory of our friend, MVP Alex Nichol ~
: > > http://aumha.org/alex.htm
: > > http://dts-l.org/goodpost.htm
: > >
: > >
: > > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
: > > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
: > > > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: > > > tells me to ask an expert on what to delete so.. can you please tell me what
: > > > to
: > > > delete? It scanned this:
: > > >
: > > > PS: If you do reply and tell me what to delete.. where do you go to delete
: > > > and how?
: > > >
: > >
: > >
:
 

Dan


Which forum do you like best, Jeff? Thanks in advance! :eek:

"Jeff Richards" <JRichards@msn.com.au> wrote in message
news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
: This is not the appropriate place for logs. Try:
: http://boards.cexx.org/index.php
: http://forums.tomcoyote.com/
: http://forum.gladiator-antivirus.com/
: http://forums.net-integration.net/
: http://forums.subratam.org/
: http://www.zerosrealm.com/forums/
: http://forums.maddoktor2.com/
: --
: Jeff Richards
: MS MVP (Windows - Shell/User)
: "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
: news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
: > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: > tells me to ask an expert on what to delete so.. can you please tell me what
: > to
: > delete? It scanned this:
: >
:
:
 
Guest

I assign to you the task of clicking them to see, Dan. Report back in 18
days!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Dan" <spamyou@user.nec> wrote in message
news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
| Which forum do you like best, Jeff? Thanks in advance! :eek:
|
| "Jeff Richards" <JRichards@msn.com.au> wrote in message
| news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
| : This is not the appropriate place for logs. Try:
| : http://boards.cexx.org/index.php
| : http://forums.tomcoyote.com/
| : http://forum.gladiator-antivirus.com/
| : http://forums.net-integration.net/
| : http://forums.subratam.org/
| : http://www.zerosrealm.com/forums/
| : http://forums.maddoktor2.com/
| : --
| : Jeff Richards
| : MS MVP (Windows - Shell/User)
| : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
| : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
| : > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
| : > tells me to ask an expert on what to delete so.. can you please tell me what
| : > to
| : > delete? It scanned this:
| : >
| :
| :
|
|
 

Dan


Now, now PCR you are the expert on clicking web-links so get working --
please report back in 21 days -- :eek:

"PCR" <pcrrcp@netzero.net> wrote in message
news:%23$ijXPpLFHA.2772@TK2MSFTNGP12.phx.gbl...
: I assign to you the task of clicking them to see, Dan. Report back in 18
: days!
:
: --
: Thanks or Good Luck,
: There may be humor in this post, and,
: Naturally, you will not sue,
: should things get worse after this,
: PCR
: pcrrcp@netzero.net
: "Dan" <spamyou@user.nec> wrote in message
: news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
: | Which forum do you like best, Jeff? Thanks in advance! :eek:
: |
: | "Jeff Richards" <JRichards@msn.com.au> wrote in message
: | news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
: | : This is not the appropriate place for logs. Try:
: | : http://boards.cexx.org/index.php
: | : http://forums.tomcoyote.com/
: | : http://forum.gladiator-antivirus.com/
: | : http://forums.net-integration.net/
: | : http://forums.subratam.org/
: | : http://www.zerosrealm.com/forums/
: | : http://forums.maddoktor2.com/
: | : --
: | : Jeff Richards
: | : MS MVP (Windows - Shell/User)
: | : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
: | : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
: | : > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
: | : > tells me to ask an expert on what to delete so.. can you please tell me what
: | : > to
: | : > delete? It scanned this:
: | : >
: | :
: | :
: |
: |
:
:
 
Guest

I've never used any of them. Try a few and see which ones are suitable for
you.
--
Jeff Richards
MS MVP (Windows - Shell/User)
"Dan" <spamyou@user.nec> wrote in message
news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
> Which forum do you like best, Jeff? Thanks in advance! :eek:
 

Dan


Thanks Jeff.

"Jeff Richards" <JRichards@msn.com.au> wrote in message
news:uPsB5YoLFHA.3832@TK2MSFTNGP12.phx.gbl...
: I've never used any of them. Try a few and see which ones are suitable for
: you.
: --
: Jeff Richards
: MS MVP (Windows - Shell/User)
: "Dan" <spamyou@user.nec> wrote in message
: news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
: > Which forum do you like best, Jeff? Thanks in advance! :eek:
:
:
 
Guest

I don't remember which URL's we're talking about. So, you do it, &
report back in 32 days.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Dan" <spamyou@user.nec> wrote in message
news:uRH7iqrLFHA.1308@TK2MSFTNGP15.phx.gbl...
| Now, now PCR you are the expert on clicking web-links so get working --
| please report back in 21 days -- :eek:
|
| "PCR" <pcrrcp@netzero.net> wrote in message
| news:%23$ijXPpLFHA.2772@TK2MSFTNGP12.phx.gbl...
| : I assign to you the task of clicking them to see, Dan. Report back in 18
| : days!
| :
| : --
| : Thanks or Good Luck,
| : There may be humor in this post, and,
| : Naturally, you will not sue,
| : should things get worse after this,
| : PCR
| : pcrrcp@netzero.net
| : "Dan" <spamyou@user.nec> wrote in message
| : news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
| : | Which forum do you like best, Jeff? Thanks in advance! :eek:
| : |
| : | "Jeff Richards" <JRichards@msn.com.au> wrote in message
| : | news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
| : | : This is not the appropriate place for logs. Try:
| : | : http://boards.cexx.org/index.php
| : | : http://forums.tomcoyote.com/
| : | : http://forum.gladiator-antivirus.com/
| : | : http://forums.net-integration.net/
| : | : http://forums.subratam.org/
| : | : http://www.zerosrealm.com/forums/
| : | : http://forums.maddoktor2.com/
| : | : --
| : | : Jeff Richards
| : | : MS MVP (Windows - Shell/User)
| : | : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
| : | : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
| : | : > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
| : | : > tells me to ask an expert on what to delete so.. can you please tell me what
| : | : > to
| : | : > delete? It scanned this:
| : | : >
| : | :
| : | :
| : |
| : |
| :
| :
|
|