This topic is locked
I'm quite a novice and completely new to this site, but here are some details which I hope may be of help: (originally I posted this in the wrong place, with mistakes, and it was the wrong log too, using an older Hijack This! Sorry.)
Anyway....
My Wannadoo home page was suddenly coming up blank and with the title "about blank".
3 sex-related sites were added to bottom of favourites drop down list.
AVG reported many '.exe' files repeatedly, especially immediately after going on online.
Full AVG scan revealed 16 "trojan horse" things, 14 in C/windows, and 2 in C/Windows/system.
(examples: wp.exe, mskmidi.exe, javapb.exe, iedp32.exe, etc) - all were listed as 'Downloader Agent 11or 12. BA or H or Q or D' except for 'mskmidi.exe' which was listed as a trojan horse 'starter page.18.2'
Adaware revealed 27 critical objects, 25 of which were 'coolwebsearch' related.
Cwshredder (last merijin version) ran - nothing found.
New/updated Cwshredder ran - nothing found.
First I used the old HijackThis to carefully clear one or two things that looked dodgy, and then, I noticed that in Control Panel - Add/Remove programs, there were 3 things that shouldn't have been there, and wouldn't be removed -
"Home Search Assistent" (sic)
"Search Extender"
"Shopping Wizard"
I used regedit to back-up these keys before removing them. (HKLM,Soft, Mic, Win, CV, uninstall etc)
The pc seems to be fine now, but I was just wondering if everything has gone - and so I thought I would post this new HijackThis log to see if anyone can offer any advice. Thankyou.
--------------
Logfile of HijackThis v1.99.1
Scan saved at 13:39:07, on 11/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\MY DOCUMENTS\SHAUN'S FOLDER\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O9 - Extra button: (no name) - {f3de51e0-ba15-11d4-9351-004f4e03f590} - C:\Program Files\Dolphin\LinkNavigator\dolnav.htm
O9 - Extra 'Tools' menuitem: Dolphin Links Naviga&tor - {f3de51e0-ba15-11d4-9351-004f4e03f590} - C:\Program Files\Dolphin\LinkNavigator\dolnav.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.furness.a...sses/CFJava.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.cabourg.n...sCamControl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z....llInstaller.exe
-------------
Really hope someone can help.
Genuine thanks in advance.
diggerbarnes.
Sign In
Create Account
