Scan saved at 11:49:58 PM, on 4/8/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {100F5040-0FE2-11d3-8A81-00C04F529A5F} - (no file)
O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\vr9uh38e3n1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SYSTEM\nvdsvc32.exe ] C:\WINDOWS\SYSTEM\nvdsvc32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\RunServices: [PPHIDPAD] C:\WINPENJR\WIN32\PPHIDPAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [ICQ Plus] C:\PROGRA~1\ICQPLUS\vplus.exe
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {2F09FE00-B790-11D1-8157-00A0C90DD90C} (MSNBC News Browser Control 2.3) - http://www.msnbc.com...load/nb0330.cab
O16 - DPF: Yahoo! MahJong - http://yog13.yahoo.com/yog/y/oi0_x.cab
O16 - DPF: {AABDAB84-5B60-11D1-A046-0000F803FC79} - http://fdl.msn.com/z...4/heartbeat.cab
O16 - DPF: Yahoo! Blackjack - http://yog6.yahoo.com/yog/y/jf0_x.cab
O16 - DPF: Yahoo! Hearts - http://yog5.yahoo.com/yog/y/hf0_x.cab
O16 - DPF: Yahoo! Chess - http://yog1.yahoo.com/yog/y/cf0_x.cab
O16 - DPF: Yahoo! Go - http://yog12.yahoo.com/yog/y/gd0_x.cab
O16 - DPF: Yahoo! Bridge - http://yog11.yahoo.com/yog/y/bd2_x.cab
O16 - DPF: Yahoo! Reversi - http://yog13.yahoo.com/yog/y/ri0_x.cab
O16 - DPF: Yahoo! Poker - http://yog10.yahoo.com/yog/y/pf0_x.cab
O16 - DPF: {E89366AF-2E44-11D1-91AE-006097D602F7} (FileAccess Control) - http://www3.briefcas...vex/vfile03.dll
O16 - DPF: Yahoo! Towers 2.0 - http://yog14.yahoo.c...og/y/ywi2_x.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ucsd.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = ucsd.edu,resnet.ucsd.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.54.16.2,137.110.0.26,132.239.1.52
O21 - SSODL: nBCIaKVDPY - {24481408-8EE2-BEA2-57F8-7E905BBA0CD6} - C:\WINDOWS\SYSTEM\TTJ.DLL
done. But still same.Logfile of HijackThis v1.99.1
Scan saved at 4:53:36 AM, on 4/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\IOMON98.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\WEBTRAP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\RunServices: [PPHIDPAD] C:\WINPENJR\WIN32\PPHIDPAD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: Yahoo! Go - http://yog12.yahoo.com/yog/y/gd0_x.cab
Edited by herman22, 10 April 2005 - 05:54 AM.