Cannot check Email.

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

How come, let's say I try to see my MSN Hotmail box. So I try to see what's
in the mail but then right away it goes to another site.
It goes to the site that my homepage is set to: about:blank but everytime I
open Internet Explorer it goes to another site, not about:blank.
This is where my MSN Hotmail box is going.
15 answers Last reply
More about cannot check email
  1. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "ReNeX" <ReNeX@discussions.microsoft.com> wrote:

    >How come, let's say I try to see my MSN Hotmail box. So I try to see what's
    >in the mail but then right away it goes to another site.
    >It goes to the site that my homepage is set to: about:blank but everytime I
    >open Internet Explorer it goes to another site, not about:blank.
    >This is where my MSN Hotmail box is going.


    It's malware. Look here:
    http://www.securiteam.com/securityreviews/5RP0L0UD5U.html or Google
    "about:blank".

    --
    Tim Slattery
    MS MVP(DTS)
    Slattery_T@bls.gov
  2. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
    tells me to ask an expert on what to delete so.. can you please tell me what
    to
    delete? It scanned this:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:13:31 PM, on 11/03/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\COMPAQ\INTERNET\ISDBDC.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\COMPAQ\CPQINET\CPQINET.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\CPQS\BWTOOLS\SCCENTER.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://c:\windows\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://c:\windows\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.primus.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Primus Canada
    R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
    APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    C:\WINDOWS\SYSTEM\HOPK.DLL
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
    Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
    Support\eaclean.exe
    O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\VSEcomR.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    Money\System\reminder.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
    /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
    FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
    FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links -
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate -
    {06FE5D05-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009 (file missing)
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    {06FE5D02-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    {06FE5D03-8F11-11d2-804F-00105A133818} -
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
    O9 - Extra button: AOL Instant Messenger (TM) -
    {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
    http://www.musicnotes.com/download/mnview95.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
    http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    C:\WINDOWS\SYSTEM\HOPK.DLL
    O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    C:\WINDOWS\SYSTEM\HOPK.DLL

    PS: If you do reply and tell me what to delete.. where do you go to delete
    and how?
  3. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    **Post your log to http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
    for expert analysis, not here.**
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (Shell, IE/OE) & Security

    In memory of our dear friend, MVP Alex Nichol (1935-2005)
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx

    ReNeX wrote:
    > Yes. So I downloaded a malware remover called HiJackThis and I scanned
    > and it
    > tells me to ask an expert on what to delete so.. can you please tell me
    > what
    > to
    > delete? It scanned this
    <snip>
  4. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Copy the log files and paste them into a new post at ONE of these forums:
    http://forum.aumha.org/viewforum.php?f=30
    http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html

    In your post, please state your problem clearly and what you've done so far to fix
    it.

    The folks there will tell you what to remove.

    See the "housekeeping" you should complete before you post your log:
    http://aumha.org/forum/viewtopic.php?t=4075
    --
    Glen Ventura, MS MVP Shell/User, A+
    ~ In memory of our friend, MVP Alex Nichol ~
    http://aumha.org/alex.htm
    http://dts-l.org/goodpost.htm


    "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
    > tells me to ask an expert on what to delete so.. can you please tell me what
    > to
    > delete? It scanned this:
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 9:13:31 PM, on 11/03/05
    > Platform: Windows 98 SE (Win9x 4.10.2222A)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:
    > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    > C:\WINDOWS\SYSTEM\MPREXE.EXE
    > C:\WINDOWS\SYSTEM\MSTASK.EXE
    > C:\COMPAQ\INTERNET\ISDBDC.EXE
    > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > C:\WINDOWS\SYSTEM\mmtask.tsk
    > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    > C:\WINDOWS\EXPLORER.EXE
    > C:\WINDOWS\TASKMON.EXE
    > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    > C:\COMPAQ\CPQINET\CPQINET.EXE
    > C:\WINDOWS\ptsnoop.exe
    > C:\CPQS\BWTOOLS\SCCENTER.EXE
    > C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    > C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    > C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    > C:\PROGRAM FILES\AIM95\AIM.EXE
    > C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    > C:\WINDOWS\RUNDLL32.EXE
    > C:\WINDOWS\SYSTEM\DDHELP.EXE
    > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > C:\WINDOWS\NOTEPAD.EXE
    > C:\WINDOWS\SYSTEM\PSTORES.EXE
    > C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    > C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >
    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > res://c:\windows\TEMP\se.dll/sp.html
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > res://c:\windows\TEMP\se.dll/sp.html
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > about:blank
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > about:blank
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    > http://www.primus.ca/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    > Internet Explorer provided by Primus Canada
    > R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > (no file)
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    > c:\program files\google\googletoolbar1.dll
    > O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    > C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    > C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
    > APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    > O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    > C:\WINDOWS\SYSTEM\HOPK.DLL
    > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    > C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    > O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    > C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    > files\google\googletoolbar1.dll
    > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    > FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > C:\WINDOWS\SYSTEM\MSDXM.OCX
    > O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    > powrprof.dll,LoadCurrentPwrScheme
    > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    > O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
    > Support\cpqeadm.exe
    > O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
    > Support\eaclean.exe
    > O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    > O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    > O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
    > VirusScan\VSEcomR.EXE
    > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    > VirusScan\VSSTAT.EXE /SHOWWARNING
    > O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    > O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    > O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    > O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    > O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    > O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    > VIRUSSCAN\VSHWIN32.EXE
    > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    > O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    > Files\Real\Update_OB\realsched.exe" -osboot
    > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
    > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    > powrprof.dll,LoadCurrentPwrScheme
    > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    > Money\System\reminder.exe
    > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
    > /background
    > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    > O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
    > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
    > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    > C:\WINDOWS\web\related.htm
    > O9 - Extra 'Tools' menuitem: Show &Related Links -
    > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    (file missing)
    > O9 - Extra 'Tools' menuitem: AV &Translate -
    > {06FE5D05-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    (file missing)
    > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    (file missing)
    > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    > {06FE5D02-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    (file missing)
    > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
    > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    > {06FE5D03-8F11-11d2-804F-00105A133818} -
    >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    (file missing)
    > O9 - Extra button: AOL Instant Messenger (TM) -
    > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
    > http://www.musicnotes.com/download/mnview95.cab
    > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
    > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    > Class) -
    > http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    > Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    > http://www.nick.com/common/groove/gx/GrooveAX27.cab
    > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
    >
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > C:\WINDOWS\SYSTEM\HOPK.DLL
    > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > C:\WINDOWS\SYSTEM\HOPK.DLL
    >
    > PS: If you do reply and tell me what to delete.. where do you go to delete
    > and how?
    >
  5. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Ok I went to one of your following sites, and I registered and I have to
    click an activation link
    in my email inbox but I can't get in it because of the Malware.
    I'm asking if one of you can post my log in there.

    "glee" wrote:

    > Copy the log files and paste them into a new post at ONE of these forums:
    > http://forum.aumha.org/viewforum.php?f=30
    > http://forums.spywareinfo.com/,
    > http://castlecops.com/forum67.html
    >
    > In your post, please state your problem clearly and what you've done so far to fix
    > it.
    >
    > The folks there will tell you what to remove.
    >
    > See the "housekeeping" you should complete before you post your log:
    > http://aumha.org/forum/viewtopic.php?t=4075
    > --
    > Glen Ventura, MS MVP Shell/User, A+
    > ~ In memory of our friend, MVP Alex Nichol ~
    > http://aumha.org/alex.htm
    > http://dts-l.org/goodpost.htm
    >
    >
    > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    > > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
    > > tells me to ask an expert on what to delete so.. can you please tell me what
    > > to
    > > delete? It scanned this:
    > >
    > > Logfile of HijackThis v1.99.1
    > > Scan saved at 9:13:31 PM, on 11/03/05
    > > Platform: Windows 98 SE (Win9x 4.10.2222A)
    > > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    > >
    > > Running processes:
    > > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    > > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    > > C:\WINDOWS\SYSTEM\MPREXE.EXE
    > > C:\WINDOWS\SYSTEM\MSTASK.EXE
    > > C:\COMPAQ\INTERNET\ISDBDC.EXE
    > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > > C:\WINDOWS\SYSTEM\mmtask.tsk
    > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    > > C:\WINDOWS\EXPLORER.EXE
    > > C:\WINDOWS\TASKMON.EXE
    > > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    > > C:\COMPAQ\CPQINET\CPQINET.EXE
    > > C:\WINDOWS\ptsnoop.exe
    > > C:\CPQS\BWTOOLS\SCCENTER.EXE
    > > C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    > > C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    > > C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    > > C:\PROGRAM FILES\AIM95\AIM.EXE
    > > C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    > > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    > > C:\WINDOWS\RUNDLL32.EXE
    > > C:\WINDOWS\SYSTEM\DDHELP.EXE
    > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > > C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > > C:\WINDOWS\NOTEPAD.EXE
    > > C:\WINDOWS\SYSTEM\PSTORES.EXE
    > > C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    > > C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    > >
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > >
    > http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > > res://c:\windows\TEMP\se.dll/sp.html
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > > res://c:\windows\TEMP\se.dll/sp.html
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > > about:blank
    > > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > > about:blank
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    > > http://www.primus.ca/
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    > > Internet Explorer provided by Primus Canada
    > > R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > > (no file)
    > > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > > C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    > > c:\program files\google\googletoolbar1.dll
    > > O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    > > C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    > > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    > > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    > > C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
    > > APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    > > O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    > > C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    > > O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    > > C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    > > files\google\googletoolbar1.dll
    > > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    > > FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > > C:\WINDOWS\SYSTEM\MSDXM.OCX
    > > O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    > > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    > > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    > > powrprof.dll,LoadCurrentPwrScheme
    > > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    > > O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
    > > Support\cpqeadm.exe
    > > O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
    > > Support\eaclean.exe
    > > O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    > > O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    > > O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
    > > VirusScan\VSEcomR.EXE
    > > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    > > VirusScan\VSSTAT.EXE /SHOWWARNING
    > > O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    > > O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    > > O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    > > O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    > > O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    > > O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    > > VIRUSSCAN\VSHWIN32.EXE
    > > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    > > O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    > > Files\Real\Update_OB\realsched.exe" -osboot
    > > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    > > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    > > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    > > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    > > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    > > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
    > > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    > > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    > > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    > > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    > > powrprof.dll,LoadCurrentPwrScheme
    > > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    > > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    > > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    > > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    > > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    > > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    > > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    > > Money\System\reminder.exe
    > > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
    > > /background
    > > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    > > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    > > O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
    > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    > > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    > > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    > > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
    > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    > > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    > > C:\WINDOWS\web\related.htm
    > > O9 - Extra 'Tools' menuitem: Show &Related Links -
    > > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    > > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    > (file missing)
    > > O9 - Extra 'Tools' menuitem: AV &Translate -
    > > {06FE5D05-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    > (file missing)
    > > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    > (file missing)
    > > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    > > {06FE5D02-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    > (file missing)
    > > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009 (file missing)
    > > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    > > {06FE5D03-8F11-11d2-804F-00105A133818} -
    > >
    > http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    > (file missing)
    > > O9 - Extra button: AOL Instant Messenger (TM) -
    > > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > > C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    > > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    > > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    > > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    > > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    > > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    > > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    > > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    > > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    > > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
    > > http://www.musicnotes.com/download/mnview95.cab
    > > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
    > > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    > > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    > > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    > > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    > > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    > > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    > > Class) -
    > > http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    > > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    > > Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    > > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    > > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    > > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    > > http://www.nick.com/common/groove/gx/GrooveAX27.cab
    > > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    > > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    > > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    > > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    > > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    > > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    > > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
    > >
    > http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    > > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > >
    > > PS: If you do reply and tell me what to delete.. where do you go to delete
    > > and how?
    > >
    >
    >
  6. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    This is not the appropriate place for logs. Try:
    http://boards.cexx.org/index.php
    http://forums.tomcoyote.com/
    http://forum.gladiator-antivirus.com/
    http://forums.net-integration.net/
    http://forums.subratam.org/
    http://www.zerosrealm.com/forums/
    http://forums.maddoktor2.com/
    --
    Jeff Richards
    MS MVP (Windows - Shell/User)
    "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    > Yes. So I downloaded a malware remover called HiJackThis and I scanned and
    > it
    > tells me to ask an expert on what to delete so.. can you please tell me
    > what
    > to
    > delete? It scanned this:
    >
  7. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Have you tried fully cleaning with Adaware SE and Spybot Search and Destroy
    in Safe Mode? Have you looked for programs that installed without your
    knowledge in Add/Remove Programs in the Control Panel when starting in Safe
    Mode? I would do this at a bare minimum before trying to go to the extreme
    of posting a HiJack This Log to a forum. Also, scan with antivirus program
    in safe mode as well and make sure that you scan all files and not just
    program files to get to the root of the problem. Then you may not even need
    to post your HIJACK This log. Let me know if these don't work so I can give
    you other suggestions.

    "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
    : Ok I went to one of your following sites, and I registered and I have to
    : click an activation link
    : in my email inbox but I can't get in it because of the Malware.
    : I'm asking if one of you can post my log in there.
    :
    : "glee" wrote:
    :
    : > Copy the log files and paste them into a new post at ONE of these forums:
    : > http://forum.aumha.org/viewforum.php?f=30
    : > http://forums.spywareinfo.com/,
    : > http://castlecops.com/forum67.html
    : >
    : > In your post, please state your problem clearly and what you've done so
    far to fix
    : > it.
    : >
    : > The folks there will tell you what to remove.
    : >
    : > See the "housekeeping" you should complete before you post your log:
    : > http://aumha.org/forum/viewtopic.php?t=4075
    : > --
    : > Glen Ventura, MS MVP Shell/User, A+
    : > ~ In memory of our friend, MVP Alex Nichol ~
    : > http://aumha.org/alex.htm
    : > http://dts-l.org/goodpost.htm
    : >
    : >
    : > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    : > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    : > > Yes. So I downloaded a malware remover called HiJackThis and I scanned
    and it
    : > > tells me to ask an expert on what to delete so.. can you please tell me
    what
    : > > to
    : > > delete? It scanned this:
    : > >
    : > > Logfile of HijackThis v1.99.1
    : > > Scan saved at 9:13:31 PM, on 11/03/05
    : > > Platform: Windows 98 SE (Win9x 4.10.2222A)
    : > > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    : > >
    : > > Running processes:
    : > > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    : > > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    : > > C:\WINDOWS\SYSTEM\MPREXE.EXE
    : > > C:\WINDOWS\SYSTEM\MSTASK.EXE
    : > > C:\COMPAQ\INTERNET\ISDBDC.EXE
    : > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    : > > C:\WINDOWS\SYSTEM\mmtask.tsk
    : > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    : > > C:\WINDOWS\EXPLORER.EXE
    : > > C:\WINDOWS\TASKMON.EXE
    : > > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    : > > C:\COMPAQ\CPQINET\CPQINET.EXE
    : > > C:\WINDOWS\ptsnoop.exe
    : > > C:\CPQS\BWTOOLS\SCCENTER.EXE
    : > > C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    : > > C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    : > > C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    : > > C:\PROGRAM FILES\AIM95\AIM.EXE
    : > > C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
    SHARED\WKCALREM.EXE
    : > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    : > > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    : > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    : > > C:\WINDOWS\RUNDLL32.EXE
    : > > C:\WINDOWS\SYSTEM\DDHELP.EXE
    : > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    : > > C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    : > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    : > > C:\WINDOWS\NOTEPAD.EXE
    : > > C:\WINDOWS\SYSTEM\PSTORES.EXE
    : > > C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    : > > C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    : > >
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    : > >
    : >
    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    : > > res://c:\windows\TEMP\se.dll/sp.html
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    about:blank
    : > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    : > > res://c:\windows\TEMP\se.dll/sp.html
    : > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    about:blank
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    : > > about:blank
    : > > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    : > > about:blank
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
    about:blank
    : > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
    about:blank
    : > > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    : > > http://www.primus.ca/
    : > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft
    : > > Internet Explorer provided by Primus Canada
    : > > R3 - URLSearchHook: (no name) -
    _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    : > > (no file)
    : > > O2 - BHO: AcroIEHlprObj Class -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    : > > C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    : > > O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    : > > c:\program files\google\googletoolbar1.dll
    : > > O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    : > > C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    : > > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    : > > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    : > > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    : > > C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    : > > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM
    FILES\MSN
    : > > APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    : > > O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    : > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    : > > C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    : > > O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    : > > C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    : > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program
    : > > files\google\googletoolbar1.dll
    : > > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    : > > FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    : > > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    : > > C:\WINDOWS\SYSTEM\MSDXM.OCX
    : > > O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    : > > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    : > > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    : > > powrprof.dll,LoadCurrentPwrScheme
    : > > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    : > > O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access
    Button
    : > > Support\cpqeadm.exe
    : > > O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
    : > > Support\eaclean.exe
    : > > O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    : > > O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    : > > O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network
    Associates\McAfee
    : > > VirusScan\VSEcomR.EXE
    : > > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network
    Associates\McAfee
    : > > VirusScan\VSSTAT.EXE /SHOWWARNING
    : > > O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    : > > O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    : > > O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    : > > O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    : > > O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    : > > O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE
    : > > VIRUSSCAN\VSHWIN32.EXE
    : > > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    : > > O4 - HKLM\..\Run: [QuickTime Task]
    "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    : > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    : > > Files\Real\Update_OB\realsched.exe" -osboot
    : > > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    : > > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    : > > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    : > > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    : > > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    : > > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
    : > > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    : > > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    : > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    : > > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    : > > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    : > > powrprof.dll,LoadCurrentPwrScheme
    : > > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    : > > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    : > > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    : > > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    : > > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    : > > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    : > > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    : > > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    : > > Money\System\reminder.exe
    : > > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN
    MESSENGER\MSNMSGR.EXE"
    : > > /background
    : > > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    : > > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    : > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    : > > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    : > > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    : > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    : > > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    : > > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    : > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    : > > O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\PROGRAM
    : > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    : > > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    : > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    : > > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    : > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    : > > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
    : > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    : > > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    : > > C:\WINDOWS\web\related.htm
    : > > O9 - Extra 'Tools' menuitem: Show &Related Links -
    : > > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    : > > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    : > (file missing)
    : > > O9 - Extra 'Tools' menuitem: AV &Translate -
    : > > {06FE5D05-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    : > (file missing)
    : > > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    : > (file missing)
    : > > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    : > > {06FE5D02-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    : > (file missing)
    : > > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    (file missing)
    : > > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    : > > {06FE5D03-8F11-11d2-804F-00105A133818} -
    : > >
    : >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    : > (file missing)
    : > > O9 - Extra button: AOL Instant Messenger (TM) -
    : > > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    : > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    : > > C:\WINDOWS\SYSTEM\MSJAVA.DLL
    : > > O9 - Extra 'Tools' menuitem: Sun Java Console -
    : > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    : > > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    : > > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    : > > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    : > > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class)
    : > > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    : > > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class)
    : > > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    : > > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    : > > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    : > > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
    : > > http://www.musicnotes.com/download/mnview95.cab
    : > > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin
    Class) -
    : > > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    : > > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    : > > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    : > > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    : > > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    : > > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    : > > Class) -
    : > >
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    : > > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    : > > Control Class) -
    http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    : > > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    : > > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    : > > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    : > > http://www.nick.com/common/groove/gx/GrooveAX27.cab
    : > > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    : > > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    : > > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    : > > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    : > > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    : > > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    : > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage
    : > > Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    : > > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl
    Class) -
    : > >
    : >
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    : > > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    : > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    : > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > >
    : > > PS: If you do reply and tell me what to delete.. where do you go to
    delete
    : > > and how?
    : > >
    : >
    : >
  8. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    You don't have an email account through your Internet provider that uses an email
    client app instead of your web browser? You don't have access to another computer
    (a friend's, the library's) to get at your email to activate? Someone else posting
    your log won't do you much good, as you still won't be able to interact in the forum
    to get the continuing instructions you will need.

    Update your anti-virus app and then run a full-system virus scan.

    Use CWShredder, the CoolWeb removal tool, available here:
    http://www.majorgeeks.com/download3019.html
    http://aumha.org/downloads/cwshredder.zip
    Close all browser windows and open apps, start CWShredder and click the Fix button.

    Try the instructions here for removing CWS aboutblank:
    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082839

    See also:
    http://cwshredder.net/cwshredder/cwschronicles.html
    http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank

    You might also want to try the trial version of Webroot SpySweeper to remove it:
    http://research.spysweeper.com/threat_library/threat_details.php?threat=cws_aboutblank

    Install Ad-Aware SE free Personal Edition, start it, click its 'Check for Updates'
    link in the app to install updates, then use it to scan your system, and remove what
    it finds. I suggest you restart in Safe Mode and run Ad-Aware from there, then
    restart into Safe Mode again and run it again.
    Ad-Aware:
    http://www.lavasoftusa.com/support/download/
    http://www.majorgeeks.com/download506.html
    --
    Glen Ventura, MS MVP Shell/User, A+
    ~ In memory of our friend, MVP Alex Nichol ~
    http://aumha.org/alex.htm
    http://dts-l.org/goodpost.htm


    "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
    > Ok I went to one of your following sites, and I registered and I have to
    > click an activation link
    > in my email inbox but I can't get in it because of the Malware.
    > I'm asking if one of you can post my log in there.
    >
    > "glee" wrote:
    >
    > > Copy the log files and paste them into a new post at ONE of these forums:
    > > http://forum.aumha.org/viewforum.php?f=30
    > > http://forums.spywareinfo.com/,
    > > http://castlecops.com/forum67.html
    > >
    > > In your post, please state your problem clearly and what you've done so far to
    fix
    > > it.
    > >
    > > The folks there will tell you what to remove.
    > >
    > > See the "housekeeping" you should complete before you post your log:
    > > http://aumha.org/forum/viewtopic.php?t=4075
    > > --
    > > Glen Ventura, MS MVP Shell/User, A+
    > > ~ In memory of our friend, MVP Alex Nichol ~
    > > http://aumha.org/alex.htm
    > > http://dts-l.org/goodpost.htm
    > >
    > >
    > > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    > > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    > > > Yes. So I downloaded a malware remover called HiJackThis and I scanned and it
    > > > tells me to ask an expert on what to delete so.. can you please tell me what
    > > > to
    > > > delete? It scanned this:
    > > >
    > > > Logfile of HijackThis v1.99.1
    > > > Scan saved at 9:13:31 PM, on 11/03/05
    > > > Platform: Windows 98 SE (Win9x 4.10.2222A)
    > > > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    > > >
    > > > Running processes:
    > > > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    > > > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    > > > C:\WINDOWS\SYSTEM\MPREXE.EXE
    > > > C:\WINDOWS\SYSTEM\MSTASK.EXE
    > > > C:\COMPAQ\INTERNET\ISDBDC.EXE
    > > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > > > C:\WINDOWS\SYSTEM\mmtask.tsk
    > > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    > > > C:\WINDOWS\EXPLORER.EXE
    > > > C:\WINDOWS\TASKMON.EXE
    > > > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    > > > C:\COMPAQ\CPQINET\CPQINET.EXE
    > > > C:\WINDOWS\ptsnoop.exe
    > > > C:\CPQS\BWTOOLS\SCCENTER.EXE
    > > > C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    > > > C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    > > > C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    > > > C:\PROGRAM FILES\AIM95\AIM.EXE
    > > > C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    > > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    > > > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    > > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    > > > C:\WINDOWS\RUNDLL32.EXE
    > > > C:\WINDOWS\SYSTEM\DDHELP.EXE
    > > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > > > C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    > > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    > > > C:\WINDOWS\NOTEPAD.EXE
    > > > C:\WINDOWS\SYSTEM\PSTORES.EXE
    > > > C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    > > > C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    > > >
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > > >
    > >
    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > > > res://c:\windows\TEMP\se.dll/sp.html
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > > > res://c:\windows\TEMP\se.dll/sp.html
    > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > > > about:blank
    > > > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > > > about:blank
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    > > > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    > > > http://www.primus.ca/
    > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    > > > Internet Explorer provided by Primus Canada
    > > > R3 - URLSearchHook: (no name) - _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > > > (no file)
    > > > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > > > C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    > > > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    > > > c:\program files\google\googletoolbar1.dll
    > > > O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    > > > C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    > > > O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    > > > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    > > > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    > > > C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > > > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
    > > > APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    > > > O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > > > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    > > > C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    > > > O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    > > > C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    > > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    > > > files\google\googletoolbar1.dll
    > > > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    > > > FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    > > > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    > > > C:\WINDOWS\SYSTEM\MSDXM.OCX
    > > > O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    > > > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    > > > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    > > > powrprof.dll,LoadCurrentPwrScheme
    > > > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    > > > O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button
    > > > Support\cpqeadm.exe
    > > > O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button
    > > > Support\eaclean.exe
    > > > O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    > > > O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    > > > O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
    > > > VirusScan\VSEcomR.EXE
    > > > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    > > > VirusScan\VSSTAT.EXE /SHOWWARNING
    > > > O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    > > > O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    > > > O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    > > > O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    > > > O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    > > > O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    > > > VIRUSSCAN\VSHWIN32.EXE
    > > > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    > > > O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    > > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    > > > Files\Real\Update_OB\realsched.exe" -osboot
    > > > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    > > > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    > > > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    > > > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    > > > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    > > > O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\SYSTEM\X1002142005.EXE
    > > > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    > > > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    > > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    > > > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    > > > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    > > > powrprof.dll,LoadCurrentPwrScheme
    > > > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    > > > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    > > > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    > > > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    > > > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    > > > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    > > > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    > > > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    > > > Money\System\reminder.exe
    > > > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"
    > > > /background
    > > > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    > > > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > > > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > > > O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    > > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    > > > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    > > > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    > > > O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
    > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    > > > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    > > > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    > > > O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
    > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    > > > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    > > > C:\WINDOWS\web\related.htm
    > > > O9 - Extra 'Tools' menuitem: Show &Related Links -
    > > > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    > > > O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    > > (file missing)
    > > > O9 - Extra 'Tools' menuitem: AV &Translate -
    > > > {06FE5D05-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    > > (file missing)
    > > > O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    > > (file missing)
    > > > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    > > > {06FE5D02-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    > > (file missing)
    > > > O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    (file missing)
    > > > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    > > > {06FE5D03-8F11-11d2-804F-00105A133818} -
    > > >
    > >
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    > > (file missing)
    > > > O9 - Extra button: AOL Instant Messenger (TM) -
    > > > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    > > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > > > C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > > > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    > > > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    > > > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    > > > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    > > > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    > > > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    > > > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    > > > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    > > > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    > > > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    > > > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
    > > > http://www.musicnotes.com/download/mnview95.cab
    > > > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
    > > > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    > > > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    > > > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    > > > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    > > > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    > > > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    > > > Class) -
    > > > http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    > > > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
    > > > Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    > > > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    > > > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    > > > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    > > > http://www.nick.com/common/groove/gx/GrooveAX27.cab
    > > > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    > > > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    > > > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    > > > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    > > > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    > > > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    > > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    > > > Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    > > > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
    > > >
    > >
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    > > > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    > > >
    > > > PS: If you do reply and tell me what to delete.. where do you go to delete
    > > > and how?
    > > >
    > >
    > >
  9. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Glen, I am going to give CWShredder another try. Thanks for your advice.
    Have a nice day. :>

    "glee" <glee29@spamindspring.com> wrote in message
    news:%23Z97Yr3JFHA.3420@tk2msftngp13.phx.gbl...
    : You don't have an email account through your Internet provider that uses an
    email
    : client app instead of your web browser? You don't have access to another
    computer
    : (a friend's, the library's) to get at your email to activate? Someone else
    posting
    : your log won't do you much good, as you still won't be able to interact in
    the forum
    : to get the continuing instructions you will need.
    :
    : Update your anti-virus app and then run a full-system virus scan.
    :
    : Use CWShredder, the CoolWeb removal tool, available here:
    : http://www.majorgeeks.com/download3019.html
    : http://aumha.org/downloads/cwshredder.zip
    : Close all browser windows and open apps, start CWShredder and click the Fix
    button.
    :
    : Try the instructions here for removing CWS aboutblank:
    : http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082839
    :
    : See also:
    : http://cwshredder.net/cwshredder/cwschronicles.html
    : http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank
    :
    : You might also want to try the trial version of Webroot SpySweeper to
    remove it:
    :
    http://research.spysweeper.com/threat_library/threat_details.php?threat=cws_aboutblank
    :
    : Install Ad-Aware SE free Personal Edition, start it, click its 'Check for
    Updates'
    : link in the app to install updates, then use it to scan your system, and
    remove what
    : it finds. I suggest you restart in Safe Mode and run Ad-Aware from there,
    then
    : restart into Safe Mode again and run it again.
    : Ad-Aware:
    : http://www.lavasoftusa.com/support/download/
    : http://www.majorgeeks.com/download506.html
    : --
    : Glen Ventura, MS MVP Shell/User, A+
    : ~ In memory of our friend, MVP Alex Nichol ~
    : http://aumha.org/alex.htm
    : http://dts-l.org/goodpost.htm
    :
    :
    : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    : news:9FCBAE77-8AFB-41D7-BDF2-7FFD4822C9BC@microsoft.com...
    : > Ok I went to one of your following sites, and I registered and I have to
    : > click an activation link
    : > in my email inbox but I can't get in it because of the Malware.
    : > I'm asking if one of you can post my log in there.
    : >
    : > "glee" wrote:
    : >
    : > > Copy the log files and paste them into a new post at ONE of these
    forums:
    : > > http://forum.aumha.org/viewforum.php?f=30
    : > > http://forums.spywareinfo.com/,
    : > > http://castlecops.com/forum67.html
    : > >
    : > > In your post, please state your problem clearly and what you've done so
    far to
    : fix
    : > > it.
    : > >
    : > > The folks there will tell you what to remove.
    : > >
    : > > See the "housekeeping" you should complete before you post your log:
    : > > http://aumha.org/forum/viewtopic.php?t=4075
    : > > --
    : > > Glen Ventura, MS MVP Shell/User, A+
    : > > ~ In memory of our friend, MVP Alex Nichol ~
    : > > http://aumha.org/alex.htm
    : > > http://dts-l.org/goodpost.htm
    : > >
    : > >
    : > > "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    : > > news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    : > > > Yes. So I downloaded a malware remover called HiJackThis and I
    scanned and it
    : > > > tells me to ask an expert on what to delete so.. can you please tell
    me what
    : > > > to
    : > > > delete? It scanned this:
    : > > >
    : > > > Logfile of HijackThis v1.99.1
    : > > > Scan saved at 9:13:31 PM, on 11/03/05
    : > > > Platform: Windows 98 SE (Win9x 4.10.2222A)
    : > > > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    : > > >
    : > > > Running processes:
    : > > > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    : > > > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    : > > > C:\WINDOWS\SYSTEM\MPREXE.EXE
    : > > > C:\WINDOWS\SYSTEM\MSTASK.EXE
    : > > > C:\COMPAQ\INTERNET\ISDBDC.EXE
    : > > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    : > > > C:\WINDOWS\SYSTEM\mmtask.tsk
    : > > > C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    : > > > C:\WINDOWS\EXPLORER.EXE
    : > > > C:\WINDOWS\TASKMON.EXE
    : > > > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    : > > > C:\COMPAQ\CPQINET\CPQINET.EXE
    : > > > C:\WINDOWS\ptsnoop.exe
    : > > > C:\CPQS\BWTOOLS\SCCENTER.EXE
    : > > > C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    : > > > C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    : > > > C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    : > > > C:\PROGRAM FILES\AIM95\AIM.EXE
    : > > > C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
    SHARED\WKCALREM.EXE
    : > > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    : > > > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    : > > > C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    : > > > C:\WINDOWS\RUNDLL32.EXE
    : > > > C:\WINDOWS\SYSTEM\DDHELP.EXE
    : > > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    : > > > C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    : > > > C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    : > > > C:\WINDOWS\NOTEPAD.EXE
    : > > > C:\WINDOWS\SYSTEM\PSTORES.EXE
    : > > > C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    : > > > C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    : > > >
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
    =
    : > > >
    : > >
    :
    http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=1009&c=1c00
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    : > > > res://c:\windows\TEMP\se.dll/sp.html
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    about:blank
    : > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    : > > > res://c:\windows\TEMP\se.dll/sp.html
    : > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    about:blank
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    =
    : > > > about:blank
    : > > > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    =
    : > > > about:blank
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
    about:blank
    : > > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
    about:blank
    : > > > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    : > > > http://www.primus.ca/
    : > > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft
    : > > > Internet Explorer provided by Primus Canada
    : > > > R3 - URLSearchHook: (no name) -
    _{0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    : > > > (no file)
    : > > > O2 - BHO: AcroIEHlprObj Class -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    : > > > C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    : > > > O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    : > > > c:\program files\google\googletoolbar1.dll
    : > > > O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} -
    : > > > C:\WINDOWS\PROFILES\ALL USERS\APPLICATION DATA\X2FF\X2FF.DLL
    : > > > O2 - BHO: NavErrRedir Class -
    {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
    : > > > C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    : > > > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    : > > > C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    : > > > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM
    FILES\MSN
    : > > > APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    : > > > O2 - BHO: (no name) - {AB6BD721-8F4F-11D9-A1F8-005098F1333F} -
    : > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > > > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
    : > > > C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    : > > > O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D0EE-E86FA787AD2D} -
    : > > > C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSCWPB.DLL (file missing)
    : > > > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program
    : > > > files\google\googletoolbar1.dll
    : > > > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\PROGRAM
    : > > > FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    : > > > O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    : > > > C:\WINDOWS\SYSTEM\MSDXM.OCX
    : > > > O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    : > > > O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    : > > > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    : > > > powrprof.dll,LoadCurrentPwrScheme
    : > > > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    : > > > O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access
    Button
    : > > > Support\cpqeadm.exe
    : > > > O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access
    Button
    : > > > Support\eaclean.exe
    : > > > O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    : > > > O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    : > > > O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network
    Associates\McAfee
    : > > > VirusScan\VSEcomR.EXE
    : > > > O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network
    Associates\McAfee
    : > > > VirusScan\VSSTAT.EXE /SHOWWARNING
    : > > > O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    : > > > O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    : > > > O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
    : > > > O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    : > > > O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    : > > > O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE
    : > > > VIRUSSCAN\VSHWIN32.EXE
    : > > > O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\WTHRTRAY.EXE
    : > > > O4 - HKLM\..\Run: [QuickTime Task]
    "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    : > > > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    : > > > Files\Real\Update_OB\realsched.exe" -osboot
    : > > > O4 - HKLM\..\Run: [B4pqrXB] C:\VWVIB.EXE
    : > > > O4 - HKLM\..\Run: [Uiubq] C:\PROGRAM FILES\VWFINX\KEKO.EXE
    : > > > O4 - HKLM\..\Run: [Xozrrc] C:\PROGRAM FILES\DPIOITP\IQIS.EXE
    : > > > O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    : > > > Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    : > > > O4 - HKLM\..\Run: [Visual Element Fx]
    C:\WINDOWS\SYSTEM\X1002142005.EXE
    : > > > O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    : > > > O4 - HKLM\..\Run: [DI2] "C:\windows\TEMP\27.exe\27.exe"
    : > > > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    : > > > O4 - HKLM\..\Run: [BPCV2] C:\PROGRAM FILES\BPC_SEARCH\BPCV2.EXE
    : > > > O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    : > > > powrprof.dll,LoadCurrentPwrScheme
    : > > > O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    : > > > O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    : > > > O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    : > > > ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    : > > > O4 - HKLM\..\RunServices: [csrs] C:\WINDOWS\SYSTEM\csrs.exe
    : > > > O4 - HKLM\..\RunOnce: [erxy0ff] %comspec% /c erase
    : > > > "C:\WINDOWS\PROFILES\ALLUSE~1\APPLIC~1\XY0FF.EXE"
    : > > > O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft
    : > > > Money\System\reminder.exe
    : > > > O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN
    MESSENGER\MSNMSGR.EXE"
    : > > > /background
    : > > > O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    : > > > O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program
    : > > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    : > > > O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    : > > > O4 - User Startup: Microsoft Works Calendar Reminders.lnk =
    C:\Program
    : > > > Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    : > > > O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    : > > > O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
    : > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    : > > > O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\PROGRAM
    : > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    : > > > O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
    : > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    : > > > O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
    : > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    : > > > O8 - Extra context menu item: Translate into English -
    res://C:\PROGRAM
    : > > > FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    : > > > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    : > > > C:\WINDOWS\web\related.htm
    : > > > O9 - Extra 'Tools' menuitem: Show &Related Links -
    : > > > {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    : > > > O9 - Extra button: Translate -
    {06FE5D05-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    : > > (file missing)
    : > > > O9 - Extra 'Tools' menuitem: AV &Translate -
    : > > > {06FE5D05-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=1009
    : > > (file missing)
    : > > > O9 - Extra button: (no name) -
    {06FE5D02-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    : > > (file missing)
    : > > > O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
    : > > > {06FE5D02-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=1009
    : > > (file missing)
    : > > > O9 - Extra button: (no name) -
    {06FE5D03-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    : (file missing)
    : > > > O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
    : > > > {06FE5D03-8F11-11d2-804F-00105A133818} -
    : > > >
    : > >
    :
    http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=1009
    : > > (file missing)
    : > > > O9 - Extra button: AOL Instant Messenger (TM) -
    : > > > {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM
    FILES\AIM95\AIM.EXE
    : > > > O9 - Extra button: (no name) -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    : > > > C:\WINDOWS\SYSTEM\MSJAVA.DLL
    : > > > O9 - Extra 'Tools' menuitem: Sun Java Console -
    : > > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    : > > > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    : > > > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient
    : > > > Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    : > > > O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class)
    : > > > - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    : > > > O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class)
    : > > > - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    : > > > O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    : > > > http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    : > > > O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes
    Viewer) -
    : > > > http://www.musicnotes.com/download/mnview95.cab
    : > > > O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin
    Class) -
    : > > > http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    : > > > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    : > > > http://software-dl.real.com/16c672389af1d2165720/netzip/RdxIE601.cab
    : > > > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    : > > > http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
    : > > > O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
    (MessengerStatsClient
    : > > > Class) -
    : > > >
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    : > > > O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet
    Download
    : > > > Control Class) -
    http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    : > > > O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
    : > > > http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
    : > > > O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    : > > > http://www.nick.com/common/groove/gx/GrooveAX27.cab
    : > > > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
    : > > > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    : > > > O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -
    : > > > http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    : > > > O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
    : > > > http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    : > > > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage
    : > > > Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    : > > > O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl
    Class) -
    : > > >
    : > >
    :
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    : > > > O18 - Filter: text/html - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    : > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > > > O18 - Filter: text/plain - {1AC4354C-90CA-11D9-A1F8-00500364967B} -
    : > > > C:\WINDOWS\SYSTEM\HOPK.DLL
    : > > >
    : > > > PS: If you do reply and tell me what to delete.. where do you go to
    delete
    : > > > and how?
    : > > >
    : > >
    : > >
    :
  10. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Which forum do you like best, Jeff? Thanks in advance! :o

    "Jeff Richards" <JRichards@msn.com.au> wrote in message
    news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
    : This is not the appropriate place for logs. Try:
    : http://boards.cexx.org/index.php
    : http://forums.tomcoyote.com/
    : http://forum.gladiator-antivirus.com/
    : http://forums.net-integration.net/
    : http://forums.subratam.org/
    : http://www.zerosrealm.com/forums/
    : http://forums.maddoktor2.com/
    : --
    : Jeff Richards
    : MS MVP (Windows - Shell/User)
    : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    : > Yes. So I downloaded a malware remover called HiJackThis and I scanned
    and
    : > it
    : > tells me to ask an expert on what to delete so.. can you please tell me
    : > what
    : > to
    : > delete? It scanned this:
    : >
    :
    :
  11. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    I assign to you the task of clicking them to see, Dan. Report back in 18
    days!

    --
    Thanks or Good Luck,
    There may be humor in this post, and,
    Naturally, you will not sue,
    should things get worse after this,
    PCR
    pcrrcp@netzero.net
    "Dan" <spamyou@user.nec> wrote in message
    news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
    | Which forum do you like best, Jeff? Thanks in advance! :o
    |
    | "Jeff Richards" <JRichards@msn.com.au> wrote in message
    | news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
    | : This is not the appropriate place for logs. Try:
    | : http://boards.cexx.org/index.php
    | : http://forums.tomcoyote.com/
    | : http://forum.gladiator-antivirus.com/
    | : http://forums.net-integration.net/
    | : http://forums.subratam.org/
    | : http://www.zerosrealm.com/forums/
    | : http://forums.maddoktor2.com/
    | : --
    | : Jeff Richards
    | : MS MVP (Windows - Shell/User)
    | : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    | : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    | : > Yes. So I downloaded a malware remover called HiJackThis and I
    scanned
    | and
    | : > it
    | : > tells me to ask an expert on what to delete so.. can you please
    tell me
    | : > what
    | : > to
    | : > delete? It scanned this:
    | : >
    | :
    | :
    |
    |
  12. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Now, now PCR you are the expert on clicking web-links so get working --
    please report back in 21 days -- :o

    "PCR" <pcrrcp@netzero.net> wrote in message
    news:%23$ijXPpLFHA.2772@TK2MSFTNGP12.phx.gbl...
    : I assign to you the task of clicking them to see, Dan. Report back in 18
    : days!
    :
    : --
    : Thanks or Good Luck,
    : There may be humor in this post, and,
    : Naturally, you will not sue,
    : should things get worse after this,
    : PCR
    : pcrrcp@netzero.net
    : "Dan" <spamyou@user.nec> wrote in message
    : news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
    : | Which forum do you like best, Jeff? Thanks in advance! :o
    : |
    : | "Jeff Richards" <JRichards@msn.com.au> wrote in message
    : | news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
    : | : This is not the appropriate place for logs. Try:
    : | : http://boards.cexx.org/index.php
    : | : http://forums.tomcoyote.com/
    : | : http://forum.gladiator-antivirus.com/
    : | : http://forums.net-integration.net/
    : | : http://forums.subratam.org/
    : | : http://www.zerosrealm.com/forums/
    : | : http://forums.maddoktor2.com/
    : | : --
    : | : Jeff Richards
    : | : MS MVP (Windows - Shell/User)
    : | : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    : | : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    : | : > Yes. So I downloaded a malware remover called HiJackThis and I
    : scanned
    : | and
    : | : > it
    : | : > tells me to ask an expert on what to delete so.. can you please
    : tell me
    : | : > what
    : | : > to
    : | : > delete? It scanned this:
    : | : >
    : | :
    : | :
    : |
    : |
    :
    :
  13. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    I've never used any of them. Try a few a see which ones are suitable for
    you.
    --
    Jeff Richards
    MS MVP (Windows - Shell/User)
    "Dan" <spamyou@user.nec> wrote in message
    news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
    > Which forum do you like best, Jeff? Thanks in advance! :o
  14. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Thanks Jeff.

    "Jeff Richards" <JRichards@msn.com.au> wrote in message
    news:uPsB5YoLFHA.3832@TK2MSFTNGP12.phx.gbl...
    : I've never used any of them. Try a few a see which ones are suitable for
    : you.
    : --
    : Jeff Richards
    : MS MVP (Windows - Shell/User)
    : "Dan" <spamyou@user.nec> wrote in message
    : news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
    : > Which forum do you like best, Jeff? Thanks in advance! :o
    :
    :
  15. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    I don't remember which URL's we're talking about. So, you do it, &
    report back in 32 days.


    --
    Thanks or Good Luck,
    There may be humor in this post, and,
    Naturally, you will not sue,
    should things get worse after this,
    PCR
    pcrrcp@netzero.net
    "Dan" <spamyou@user.nec> wrote in message
    news:uRH7iqrLFHA.1308@TK2MSFTNGP15.phx.gbl...
    | Now, now PCR you are the expert on clicking web-links so get
    working --
    | please report back in 21 days -- :o
    |
    | "PCR" <pcrrcp@netzero.net> wrote in message
    | news:%23$ijXPpLFHA.2772@TK2MSFTNGP12.phx.gbl...
    | : I assign to you the task of clicking them to see, Dan. Report back
    in 18
    | : days!
    | :
    | : --
    | : Thanks or Good Luck,
    | : There may be humor in this post, and,
    | : Naturally, you will not sue,
    | : should things get worse after this,
    | : PCR
    | : pcrrcp@netzero.net
    | : "Dan" <spamyou@user.nec> wrote in message
    | : news:e3uu6zjLFHA.2648@TK2MSFTNGP14.phx.gbl...
    | : | Which forum do you like best, Jeff? Thanks in advance! :o
    | : |
    | : | "Jeff Richards" <JRichards@msn.com.au> wrote in message
    | : | news:O7b$tzqJFHA.2648@TK2MSFTNGP14.phx.gbl...
    | : | : This is not the appropriate place for logs. Try:
    | : | : http://boards.cexx.org/index.php
    | : | : http://forums.tomcoyote.com/
    | : | : http://forum.gladiator-antivirus.com/
    | : | : http://forums.net-integration.net/
    | : | : http://forums.subratam.org/
    | : | : http://www.zerosrealm.com/forums/
    | : | : http://forums.maddoktor2.com/
    | : | : --
    | : | : Jeff Richards
    | : | : MS MVP (Windows - Shell/User)
    | : | : "ReNeX" <ReNeX@discussions.microsoft.com> wrote in message
    | : | : news:A1C46A6B-7DFE-4B2A-8130-FFA82D3ABD0D@microsoft.com...
    | : | : > Yes. So I downloaded a malware remover called HiJackThis and I
    | : scanned
    | : | and
    | : | : > it
    | : | : > tells me to ask an expert on what to delete so.. can you
    please
    | : tell me
    | : | : > what
    | : | : > to
    | : | : > delete? It scanned this:
    | : | : >
    | : | :
    | : | :
    | : |
    | : |
    | :
    | :
    |
    |
Ask a new question

Read More

MSN Hotmail Email Internet Explorer Windows