Trojan-spy.html.smitfraud.c [RESOLVED]

Jul 21 2005, 09:22 AM
Post #16
Trusted Helper, Posts: 1,101, From: Long Island, New York, OS: Windows XP Professional
Dear cryptopsy,

(Note: Do the following steps in this post after performing the steps in the previous post I sent you.)

I was talking with another member at the Geeks to Go forums web site and we talked about some possible reasons why your wininet.dll file was being deleted on a reboot. It is possible that your AntiVir Personal Edition antivirus software is deleting your "wininet.dll" file on a reboot (with this file deletion, your Internet Explorer browser will not function correctly either). If you are still having problems with the "wininet.dll" file being deleted on reboot, try the following steps:

2. Re-install your wininet.dll file from your Windows 98 CD to your computer. Reboot your computer.
3. See if, on reboot, your computer system tries to delete your "wininet.dll" file. Reboot your computer.
4. Re-install your AntiVir Personal Edition software.
5. Check to see if your Cleanup, Adaware, Spybot programs are running correctly.
6. Check to see if your IE browser is running correctly.
7. Post to me the HijackThis log, silent runners log and the MWAV antivirus tool application log in a reply to this post.
8. In addition, let me know in detail how your computer system is running after performing the above steps.

Jul 21 2005, 11:39 PM
Post #17
Member, Posts: 23, OS: Windows 98
I downloaded and ran killbox with no problems. The files which you specified were deleted with no problems and have stayed deleted. After doing this, my computer was still running like before I had run killbox. I couldn't run cleanup, adaware, spybot, and internet explorer without restoring wininet.dll first. MWAV antivirus tool ran fine, but I never had any problems with this anyway.
I then followed your instructions in your 2nd post and uninstalled antivir and rebooted my computer. I then restored wininet.dll but it was still being deleted on rebooting, so it was causing all the same problems as before. I then reinstalled antivir and ran a scan then rebooted. My computer was still deleting wininet.dll on reboot.

Before I ran killbox and did any of the steps in your last 2 posts I also noticed that both my windows help and Adaptec Easy CD Creator 4 programmes would not operate without wininet.dll being restored. Without the file being restored I get the following message when trying to open Microsoft help:

"Cannot open the file: mk:@MSITStore:C:\WINDOWS\Help\windows.chm"

I get the following message when trying to open Easy CD Creator 4:

"Easy CD Creator engine initialization has failed: (Could not create the engine)"

Upon restoration of wininet.dll both of these were running and operating fine, but upon rebooting wouldn't run again.

My log from running MWAV antivirus tool is as follows:

Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdServX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\scrrun.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\ATL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdServX.dll". Action Taken: No Action Taken.

My log from hijackthis is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 17:10:50, on 22/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\w6tq86az.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5CNetscapeSearch.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\w6tq86az.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Jul 22 2005, 05:31 AM
Post #18
Trusted Helper, Posts: 1,101, From: Long Island, New York, OS: Windows XP Professional
Dear cryptopsy,
I would like you to generate a "Startup List" log using the HijackThis application. Here is how you can do this: Restart your computer.

Jul 22 2005, 07:21 AM
Post #19
Member, Posts: 23, OS: Windows 98
Cheers, I really appreciate the work you have been doing to try and fix my computer. Here is the startup list log:

StartupList report, 23/07/05, 01:18:32
StartupList version: 1.52.2
Started from : C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
NInit = C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
3dfx Tools = rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
DLF_00001000 = C:\WINDOWS\SYSTEM\Vcdlf.exe /c
LoadQM = loadqm.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
WheelMouse = Amoumain.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TVWatch = C:\WINDOWS\SYSTEM\TVWatch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf
[AppletsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
[FontsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
[PerUser_ICW_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
[{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{89820200-ECBD-11cf-8B85-00AA005B4395}] * StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
[>PerUser_MSN_Clean] * StubPath = C:\WINDOWS\msnmgsr1.exe
[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] * StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
[PerUser_Msinfo] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
[PerUser_Msinfo2] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
[MotownMmsysPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
[MotownAvivideoPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
[MotownMPlayPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf
[PerUser_Base] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
[ShellPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
[Shell2PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
[PerUser_winbase_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
[PerUser_winapps_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
[PerUser_LinkBar_URLs] * StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L
[TapiPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1
[PerUserOldLinks] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
[MmoptRegisterPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
[OlsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
[OlsMsnPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
[PerUser_Paint_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
[PerUser_Calc_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
[PerUser_dxxspace_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
[PerUser_MSBackup_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf
[PerUser_CVT_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
[MotownRecPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
[PerUser_Vol] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
[PerUser_MSWordPad_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
[PerUser_RNA_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
[PerUser_Wingames_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Sysmon_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Sysmeter_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_netwatch_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_CharMap_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Dialer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_ClipBrd_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
[MmoptMusicaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptJunglePerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptRobotzPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptUtopiaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf
[PerUser_CDPlayer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[Shell3PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
[Theme_Windows_PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf
[Theme_MoreWindows_PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/7/2005, 15:34:48)

[rename]
NUL=C:\WINDOWS\TEMP\DELUS.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB
DEVICEHIGH=C:\WINDOWS\SAMPLE.SYS /D:MSCD001
DEVICEHIGH=C:\WINDOWS\COMMAND\ANSI.SYS
DEVICEHIGH=C:\WINDOWS\COMMAND\DRVSPACE.SYS /MOVE
[COMMON]

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

ECHO OFF
LH C:\MOUSE\MOUSE
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001 /V
LH SMARTDRV

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Yahoo!
Audio Conferencing] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YACSCOM.DLL CODEBASE = http://cs6.chat.yahoo.com/v/yacscom.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab [{00000161-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab [{3334504D-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab [Zoom Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\ZACTIVEX.DLL CODEBASE = http://www.fhm.com/girls/zoomify/download/zoomify138.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [{31564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab [QuickTime Object] InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [CV3 Class] InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL CODEBASE = http://windowsupdate.microsoft.com/R880/V3...en/actsetup.cab [{32564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...B?1070498057050 [Yahoo! Poker] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://download.games.yahoo.com/games/clients/y/pt3_x.cab OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! 
Poker.osd [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll -------------------------------------------------- Enumerating Win9x VxD services: VNETSUP: vnetsup.vxd NDIS: ndis.vxd,ndis2sup.vxd JAVASUP: JAVASUP.VXD CONFIGMG: *CONFIGMG NTKern: *NTKERN VWIN32: *VWIN32 VFBACKUP: *VFBACKUP VCOMM: *VCOMM COMBUFF: *COMBUFF IFSMGR: *IFSMGR IOS: *IOS MTRR: *mtrr SPOOLER: *SPOOLER UDF: *UDF VFAT: *VFAT VCACHE: *VCACHE VCOND: *VCOND VCDFSD: *VCDFSD VXDLDR: *VXDLDR VDEF: *VDEF VPICD: *VPICD VTD: *VTD REBOOT: *REBOOT VDMAD: *VDMAD VSD: *VSD V86MMGR: *V86MMGR PAGESWAP: *PAGESWAP DOSMGR: *DOSMGR VMPOLL: *VMPOLL SHELL: *SHELL PARITY: *PARITY BIOSXLAT: *BIOSXLAT VMCPD: *VMCPD VTDAPI: *VTDAPI PERF: *PERF VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386 VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd VNETBIOS: vnetbios.vxd VREDIR: (no file) DFS: dfs.vxd -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 
24,136 bytes Report generated in 0.440 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
|
|
Jul 22 2005, 07:53 AM
Post #20
Trusted Helper Posts: 1,101 From: Long Island, New York OS: Windows XP Professional
Dear cryptopsy,
When you restore the "wininet.dll" file back to your computer system (i.e. don't reboot the computer, because this file will get deleted as you are well aware of), I want you to do the following:

Double-click on My Computer and locate the file "wininet.dll" (this should be located in the C:\windows\system directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top.

Click on "Company Name", "Internal Name", "Language", "Original Filename", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me what it says for "File Version", "Description" and "Copyright".

rambro
|
|
Jul 22 2005, 09:25 AM
Post #21
Trusted Helper Posts: 1,101 From: Long Island, New York OS: Windows XP Professional
Dear cryptopsy,

Please go to Start -> Programs -> Accessories and open up the Notepad application (i.e. notepad.exe). Once the Notepad application is open, go to the "File" menu on the notepad application and choose "Open". In the "Open" dialog box, in the "Files of type" text drop-down box, click the downward arrow and choose "All Files (*.*)".

Next go to the following file: C:\autoexec.bat and open it (make sure the "Files of type" is set to "All Files"). Copy and paste the contents of the "autoexec.bat" file in a reply to this post. Close the notepad application. Do not alter the "autoexec.bat" file in any way.

rambro
|
|
Jul 22 2005, 11:55 PM
Post #22
Member Posts: 23 OS: Windows 98
Here are the wininet.dll file details:

File version: 5.00.2614.3500
Description: Internet Extensions for Win32
Copyright: Copyright © Microsoft Corp. 1981-1999
Company name: Microsoft Corporation
Internal name: wininet.dll
Language: English (United States)
Original filename: wininet.dll
Product name: Microsoft® Windows ® 2000 Operating System
Product version: 5.00.2614.3500

Here are the contents of autoexec.bat from notepad:

attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll
|
|
Jul 23 2005, 04:57 AM
Post #23
Trusted Helper Posts: 1,101 From: Long Island, New York OS: Windows XP Professional
Dear cryptopsy,

Read this post over a couple of times before executing the steps in this post.

From your last post, I noticed in the properties of the "wininet.dll" file that the product name said "Microsoft® Windows ® 2000 Operating System". Are you restoring the wininet.dll file from your windows 98 CD or from a windows 2000 CD? Let me know your response in detail.

In this post we are going to manipulate an important file on your computer system called the "autoexec.bat" file through the notepad application. When you "open" and "save" this file in the notepad application, make sure the "Files of type" and the "Save as type" text drop-down boxes are set to "All Files" respectively.

Before we manipulate the "autoexec.bat" file, I want to create a backup of this original "autoexec.bat" file, just in case the fix in this post does not work and we have to restore the original file back to your computer system.

Let us first open up our notepad application by going to Start -> Programs -> Accessories -> Notepad. The Notepad application should open up. Go to the "File" menu and click on "Open"; the "Open" dialogue box will open up. Make sure the "Files of type" is changed to "All Files". Go to the following file, which is located at "C:\autoexec.bat", and open it up. Go to the "File" menu in the notepad application and click on "Save As"; the "Save As" dialog box should open up. Name this file "autoexec.old" and save the file in the C:\ directory, making sure the "Save as type" text drop-down box is set to "All Files". Once this is done, click on the "Save" button and close out of the notepad application. You have just created your "autoexec.bat" backup file and called it "autoexec.old".

Next, open up the notepad application again, and go to the file located at "C:\autoexec.bat" and open up that file, making sure that the "Files of type" is changed to "All Files". Now I want you to delete the following lines in this file (be careful while executing this procedure because this file is important):

QUOTE
attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll

Then I want you to go to the "File" menu in the notepad application and click the "Save" item under the "File" heading of the notepad's menu bar.

Restore your "wininet.dll" file from your windows 98 CD-ROM, if you have not done so already, and reboot your computer. Let me know in detail what happens to the "wininet.dll" file on reboot (it should not be deleted on reboot).

Note: if something goes wrong with the current (manipulated) autoexec.bat file, then rename/delete this file and rename the "autoexec.old" file back to the "autoexec.bat" file name.

********************************

Next, I have some files I want you to delete in "Safe mode". Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml

Delete the following file marked in blue (if it exists):

C:\WINDOWS\TEMP\DELUS.EXE

Finally, go to the Start Menu, click "Run", and in the window type cleanmgr. This will run the System Cleanup program. Make sure the box next to "Temporary files" is checked, and then click "OK".

Restart your computer, in normal mode, and then please post a new "Startup List" log using the HijackThis application. In addition, let me know in detail how your computer system is running after performing the above steps.

This post has been edited by rambro: Jul 23 2005, 05:24 AM
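Added example, not part of any post in this thread: Python that scans a StartupList report for the pattern found here, boot-time batch commands that clear attributes on or delete files under C:\WINDOWS, plus WININIT `[rename]` entries whose destination is `NUL`, which Windows 9x processes as a delete at boot. The report excerpt is constructed from values in the log above with one entry per line; the function names and the C:\WINDOWS prefix check are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt: section names and values are copied from the StartupList
# report quoted in this thread, laid out one entry per line.
SAMPLE_REPORT = r"""
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 22/7/2005, 15:34:48)
[rename]
NUL=C:\WINDOWS\TEMP\DELUS.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
attrib -s -h -r c:\windows\system\wininet.dll
del c:\windows\system\wininet.dll
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
ECHO OFF
LH C:\MOUSE\MOUSE
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001 /V
LH SMARTDRV
--------------------------------------------------
"""

SEPARATOR = re.compile(r"^-{10,}\s*$")
HEADER = re.compile(r"^([A-Za-z]:\\\S+) listing:\s*$")
BATCH_FILES = {"AUTOEXEC.BAT", "WINSTART.BAT", "DOSSTART.BAT"}
WININIT_FILES = {"WININIT.INI", "WININIT.BAK"}
DELETE_COMMANDS = {"del", "erase", "deltree"}
ATTRIB_CLEAR = {"-s", "-h", "-r"}
PROTECTED_PREFIX = "c:\\windows\\"  # assumption: Windows directory of this PC


class Finding(NamedTuple):
    source: str   # file the entry came from
    line: str     # the entry as it appears in the report
    reason: str   # why it was flagged


def split_listings(report: str) -> Dict[str, List[str]]:
    """Map each '<path> listing:' section to its non-empty body lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            current = None          # a dashed rule closes the section
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1).upper()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def audit_batch(source: str, lines: List[str]) -> List[Finding]:
    """Flag commands that delete, or clear attributes on, protected files."""
    findings = []
    for line in lines:
        tokens = line.lstrip("@").split()
        if not tokens:
            continue
        command, args = tokens[0].lower(), tokens[1:]
        targets = [a for a in args if a.lower().startswith(PROTECTED_PREFIX)]
        if not targets:
            continue
        if command in DELETE_COMMANDS:
            findings.append(Finding(source, line, "deletes " + targets[0]))
        elif command == "attrib" and ATTRIB_CLEAR & {a.lower() for a in args}:
            findings.append(
                Finding(source, line, "clears attributes on " + targets[0]))
    return findings


def audit_wininit(source: str, lines: List[str]) -> List[Finding]:
    """List [rename] entries; a NUL destination means delete at boot."""
    findings, in_rename = [], False
    for line in lines:
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
        elif in_rename and "=" in line:
            dest, src = (part.strip() for part in line.split("=", 1))
            if dest.upper() == "NUL":
                reason = "boot-time delete of " + src
            else:
                reason = "boot-time replace of %s with %s" % (dest, src)
            findings.append(Finding(source, line, reason))
    return findings


def audit_report(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for path, lines in split_listings(report).items():
        name = path.rsplit("\\", 1)[-1]
        if name in BATCH_FILES:
            findings += audit_batch(path, lines)
        elif name in WININIT_FILES:
            findings += audit_wininit(path, lines)
    return findings


if __name__ == "__main__":
    for finding in audit_report(SAMPLE_REPORT):
        print("%s: %s  [%s]" % finding)
```

A WININIT.BAK entry records an operation that already ran at a previous boot, so it is evidence to review rather than something still pending.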
|
|
Jul 23 2005, 06:39 PM
Post #24
Member Posts: 23 OS: Windows 98
In response to your first question, I have been restoring wininet.dll from my windows 98 cd. I don't have windows 2000 installed and never had, so it struck me as weird when I saw "Microsoft® Windows ® 2000 Operating System" under the product name.

After following your instructions wininet.dll is no longer being deleted on reboot, and the command line has disappeared from the startup screens as expected. I have also had no problems with autoexec.bat.

With regards to how my computer is now running, Cleanup, Adaware and Spybot are able to start up and run fine. My Windows help menu and Adaptec Easy Cd Creator programme are also opening and running fine. Outlook express is opening and running fine. Internet explorer is opening with no problems and is running pretty much fine. The only problem I am having with it was when I tried to go to www.hotmail.com; I got the following message:

"Cookies must be allowed
Your browser is currently set to block cookies. Your browser must allow cookies before you can use the Passport Network.
Cookies are small text files stored on your computer that tell Passport Network sites and services when you're signed in. To learn how to allow cookies, see online help in your web browser."

I then went into my internet options and noticed that the privacy tab was set at: "Custom - Advanced or imported settings". I then clicked the default button and moved the slider to medium to try and allow cookies. I then clicked on apply and ok. However, when I went back into my internet options straight away, the privacy settings were back to custom again. I tried to change the slider to a different setting of "allow all cookies" and clicked on apply and ok. However, upon going back into the internet options the privacy level was back at custom again.

I then went to the general tab in internet options and clicked on settings for temporary internet files. I then looked at the files and noticed that temporary internet files were being stored from websites I had just viewed as per usual, and the cookie files from certain websites that I had just visited were in there as well.

I then tried to access my hotmail inbox via msn messenger and I did so with no problems. After viewing my inbox and signing out I went back into my temporary internet files and noticed that the following cookies were in there:

cookie:family@hotmail.msn.com
cookie:family@msn.com
cookie:family@passport.com

However, I still could not access www.hotmail.com by way of internet explorer due to getting the message that cookies must be allowed.

I then went back to the privacy tab in internet options and clicked edit. I then typed in www.hotmail.com and clicked allow, but when doing so I got the following error message:

EXPLORER caused an invalid page fault in module <unknown> at 0000:00000009.
Registers:
EAX=02848856 CS=017f EIP=00000009 EFLGS=00010286
EBX=70bff27d SS=0187 ESP=028467cc EBP=0284a8ec
ECX=44671102 DS=0187 ESI=00000000 FS=340f
EDX=d4760e40 ES=0187 EDI=00000000 GS=0000
Bytes at CS:EIP:
00 49 06 65 04 70 00 65 04 70 00 54 ff 00 f0 d8
Stack dump:
00000187 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0000012a 00000011 000001d9 00000078 00000303 00000089 00000000 00000000

I tried again but continued to get the same message. To see if I could modify anything in internet options, I changed my homepage and clicked apply and ok. This worked with no problems.

Apart from this problem with hotmail.com, my computer is running and operating with no problems that I am aware of.
Here is my startup list log from hijackthis: StartupList report, 24/07/05, 12:06:16 StartupList version: 1.52.2 Started from : C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE Detected: Windows 98 SE (Win9x 4.10.2222A) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE C:\WINDOWS\RunDLL.exe C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\EXPLORER.EXE C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE C:\WINDOWS\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\WINDOWS\Start Menu\Programs\StartUp] EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\WINDOWS\All Users\Start Menu\Programs\StartUp] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ScanRegistry = C:\WINDOWS\scanregw.exe /autorun TaskMonitor = C:\WINDOWS\taskmon.exe SystemTray = SysTray.Exe 
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme NInit = C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE 3dfx Tools = rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot DLF_00001000 = C:\WINDOWS\SYSTEM\Vcdlf.exe /c LoadQM = loadqm.exe QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE WheelMouse = Amoumain.exe TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme TVWatch = C:\WINDOWS\SYSTEM\TVWatch.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = C:\WINDOWS\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [SetupcPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf [AppletsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf [FontsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf [PerUser_ICW_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = rundll32.exe advpack.dll,UserInstStubWrapper 
{89820200-ECBD-11cf-8B85-00AA005B4383} [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{89820200-ECBD-11cf-8B85-00AA005B4395}] * StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36 [>PerUser_MSN_Clean] * StubPath = C:\WINDOWS\msnmgsr1.exe [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] * StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf [PerUser_Msinfo] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf [PerUser_Msinfo2] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf [MotownMmsysPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf [MotownAvivideoPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub [MotownMPlayPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf [PerUser_Base] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf [ShellPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf [Shell2PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf [PerUser_winbase_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf [PerUser_winapps_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf 
[PerUser_LinkBar_URLs] * StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L [TapiPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf [{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1 [PerUserOldLinks] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf [MmoptRegisterPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf [OlsPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf [OlsMsnPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf [PerUser_Paint_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf [PerUser_Calc_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf [PerUser_dxxspace_Links] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf [PerUser_MSBackup_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf [PerUser_CVT_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf [MotownRecPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf [PerUser_Vol] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf [PerUser_MSWordPad_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 
C:\WINDOWS\INF\wordpad.inf
[PerUser_RNA_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
[PerUser_Wingames_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Sysmon_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Sysmeter_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_netwatch_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_CharMap_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_Dialer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
[PerUser_ClipBrd_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
[MmoptMusicaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptJunglePerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptRobotzPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf
[MmoptUtopiaPerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf
[PerUser_CDPlayer_Inis] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[Shell3PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
[Theme_Windows_PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf
[Theme_MoreWindows_PerUser] * StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*No subkeys found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
*File not found*
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 22/7/2005, 15:34:48)
[rename]
NUL=C:\WINDOWS\TEMP\DELUS.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB
DEVICEHIGH=C:\WINDOWS\SAMPLE.SYS /D:MSCD001
DEVICEHIGH=C:\WINDOWS\COMMAND\ANSI.SYS
DEVICEHIGH=C:\WINDOWS\COMMAND\DRVSPACE.SYS /MOVE
[COMMON]
--------------------------------------------------
C:\WINDOWS\WINSTART.BAT listing:
*File not found*
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
ECHO OFF
LH C:\MOUSE\MOUSE
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001 /V
LH SMARTDRV
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd
[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YACSCOM.DLL
CODEBASE = http://cs6.chat.yahoo.com/v/yacscom.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
[{00000161-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab
[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
[Zoom Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ZACTIVEX.DLL
CODEBASE = http://www.fhm.com/girls/zoomify/download/zoomify138.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab
[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R880/V3...en/actsetup.cab
[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...B?1070498057050
[Yahoo! Poker]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/pt3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Poker.osd
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll
--------------------------------------------------
Enumerating Win9x VxD services:
VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: (no file)
DFS: dfs.vxd
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 24,220 bytes
Report generated in 0.388 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Jul 23 2005, 07:43 PM
Post #25

Trusted Helper
Posts: 1,101
From: Long Island, New York
OS: Windows XP Professional

Dear cryptopsy,

Since you are using an older version of the "wininet.dll" file, I would like you to re-install a new version of Internet Explorer over your older version. The re-installation of a new version of Internet Explorer will also download a current version of your "wininet.dll" file.

Open up your Netscape Navigator browser and download the setup file for the current Internet Explorer browser application from the following web site: http://www.microsoft.com/downloads/details...&DisplayLang=en. Once the Internet Explorer setup file is downloaded to your computer (you should save this file to your desktop or, better yet, create a new folder, name it "Internet Explorer Set Up File" and save the IE browser setup file to this folder), exit out of the Netscape Navigator browser. Make sure no other browsers and windows are open, and then proceed to install your Internet Explorer browser application.

If, during the installation of the Internet Explorer browser, the installation should prompt you that you have a "previous installation of Internet Explorer on your computer, and if you want to overwrite your existing Internet Explorer files", choose Yes or OK. This will overwrite your existing IE files and in the process give you a new version of the "wininet.dll" file.

Next, after your new IE browser is installed, double-click on My Computer and locate the file "wininet.dll" (this should be located in the C:\windows\system directory). Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Company Name", "Internal Name", "Language", "Original Filename", "Product Name", and "Product Version", and please post whatever the text in the box immediately to the right says for each, in a reply to this post. Also on the "Version" tab, post back to me what it says for "File Version", "Description" and "Copyright".

In addition, let me know in detail how your computer system is running after performing the above steps.

Jul 24 2005, 11:09 PM
Post #26

Member
Posts: 23
OS: Windows 98

I reinstalled Internet Explorer and I can now go to www.hotmail.com and am able to change my cookie settings with no problems. My computer is now having no problems that I am aware of. Here are the new wininet.dll details:

File version: 6.00.2800.1106
Description: Internet Extensions for Win32
Copyright: © Microsoft Corporation. All rights reserved.
Company name: Microsoft Corporation
Internal name: wininet.dll
Language: English (United States)
Original filename: wininet.dll
Product name: Microsoft® Windows® Operating System
Product version: 6.00.2800.1106

Jul 25 2005, 12:09 AM
Post #27

Trusted Helper
Posts: 1,101
From: Long Island, New York
OS: Windows XP Professional

Dear cryptopsy,

Here are some recommended changes in the IE browser settings that will help protect your computer from infection.

Go to the Tools menu, then choose Internet Options. Click on the Privacy tab and click on the Advanced button. In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK.

Go to the Security tab & click the Custom Level button. The following ActiveX section settings should be changed as follows:

* Download signed ActiveX controls: Prompt
* Download unsigned ActiveX controls: Prompt
* Initialize and script ActiveX controls not marked as safe: Disable

In the Microsoft VM section (if it exists), set Java Permissions to "High Safety". In the Miscellaneous section, set Installations of desktop items to "Prompt".

Click on the Advanced tab and uncheck both Install on demand items. Click on Apply, then OK.

************************

Dear cryptopsy, please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here: http://www.mozilla.org/products/firefox/. I use Firefox as my main browser to search the Internet, and have Internet Explorer as a backup. If you decide to download and run Firefox, and feel comfortable with this browser, then you may want to uninstall your Netscape browser. I use Internet Explorer for Windows 98 updates and to run certain on-line scans such as Housecall and the Panda Active Scan.

rambro

This post has been edited by rambro: Jul 25 2005, 06:02 AM
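
The Security-tab settings listed in the post above can be verified from a registry export instead of by clicking through the dialog. This is an added example, not part of the original thread: it assumes the post refers to the Internet zone (zone 3 under HKEY_CURRENT_USER), maps each setting to its URL action ID value name, and runs against a constructed sample export; the function names are hypothetical.

```python
import re

# Settings recommended in the post, keyed by URL action ID
# (the value name stored under ...\Internet Settings\Zones\<zone>).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 0x1, "Prompt"),
    "1004": ("Download unsigned ActiveX controls", 0x1, "Prompt"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 0x3, "Disable"),
    "1C00": ("Java permissions", 0x10000, "High safety"),
    "1800": ("Installation of desktop items", 0x1, "Prompt"),
}

ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones" + "\\")

# Constructed sample in regedit export format (not taken from the thread).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00020000
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone(export_text, zone="3"):
    """Return {action_id: value} for one security zone in a .reg export."""
    wanted = (ZONE_KEY + zone).lower()
    values, in_zone = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only values under the requested zone key are collected.
            in_zone = key.group(1).lower() == wanted
            continue
        dword = DWORD_RE.match(line)
        if in_zone and dword:
            values[dword.group(1).upper()] = int(dword.group(2), 16)
    return values


def audit(values):
    """List (action_id, setting, recommended, actual) for every mismatch.

    actual is None when the value is absent from the export, which means the
    zone falls back to a default and should be set explicitly.
    """
    findings = []
    for action, (label, want, want_name) in RECOMMENDED.items():
        have = values.get(action)
        if have != want:
            findings.append((action, label, want_name, have))
    return findings


if __name__ == "__main__":
    for action, label, want_name, have in audit(parse_zone(SAMPLE_EXPORT)):
        shown = "not set" if have is None else hex(have)
        print(f"{action} {label}: recommended {want_name}, found {shown}")
```
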

Jul 25 2005, 12:16 AM
Post #28

Trusted Helper
Posts: 1,101
From: Long Island, New York
OS: Windows XP Professional

Dear cryptopsy,
I would like you to run the following applications.
2. Housecall by Trend Micro (run from the IE browser)
3. Panda Active Scan (run from the IE browser)
4. Ad-Aware SE (See this link: http://www.bleepingcomputer.com/forums/?showtutorial=48 )
5. Spybot Search and Destroy (See this link: http://www.bleepingcomputer.com/forums/?showtutorial=43 )
6. Test to see if the SilentRunners application is working (you don't have to give me the log, just let me know in a reply to this post if it is working).
7. Test to see if the MWAV antivirus tool application is working (you don't have to give me the log, just let me know in a reply to this post if it is working).
8. Scan your computer with your "AntiVir Personal Edition" antivirus software.

This post has been edited by rambro: Jul 25 2005, 06:06 AM

Jul 25 2005, 05:47 AM
Post #29

Trusted Helper
Posts: 1,101
From: Long Island, New York
OS: Windows XP Professional

Dear cryptopsy,
Restart your computer and then please post a new HijackThis log.

Jul 25 2005, 10:40 PM
Post #30

Member
Posts: 23
OS: Windows 98

I changed the Internet Explorer settings as directed, and will look into Firefox further. I ran all the required programmes with no difficulty, except SilentRunners was still coming up with the same message as before when I tried to start it, of:

Windows Script Host
Script: C:\Windows\Desktop\Silent Runners.vbs
Line: 84
Char: 13
Error: Could not create object named "WScript.Shell".
Code: 80040154
Source: WScript.CreateObject

My computer is currently running fine with no problems that I am aware of. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:35:22, on 26/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\GEOFF\FIXING COMPUTER\PROGRAMMES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
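
A HijackThis log like the one in the post above can be pre-sorted before a helper reads it line by line. This is an added example, not part of the original thread and not HijackThis's own code: it parses a few lines copied from that log, lists registry autoruns whose command has no full path (so the reviewer must confirm which file on disk actually runs), and groups O16 ActiveX download sources by host; the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: a subset of lines copied from the log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<label>.+) - (?P<url>\S+)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_log(text):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def registry_autoruns(entries):
    """O4 entries that come from Run/RunServices keys (Startup-folder items are skipped)."""
    runs = []
    for code, body in entries:
        match = RUN_RE.match(body) if code == "O4" else None
        if match:
            cmd = match.group("cmd")
            runs.append({"key": match.group("key"), "name": match.group("name"),
                         "command": cmd, "full_path": bool(FULL_PATH_RE.match(cmd))})
    return runs


def dpf_hosts(entries):
    """Map each O16 download host to the controls installed from it."""
    hosts = defaultdict(list)
    for code, body in entries:
        match = DPF_RE.match(body) if code == "O16" else None
        if match:
            host = urlparse(match.group("url")).hostname or "(no host)"
            hosts[host].append(match.group("label"))
    return dict(hosts)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for run in registry_autoruns(parsed):
        if not run["full_path"]:
            print("verify path:", run["key"], run["name"], "->", run["command"])
    for host, labels in sorted(dpf_hosts(parsed).items()):
        print(host, labels)
```
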
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising