Hey Trevuren...I followed the steps as you said...after i ran SpSeHjfix, the system did no automatically reboot so I rebooted...then I ran CWShredder and it did not find any trojan. Here is the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 1:35:56 PM, on 7/9/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MLT1100L\Wswpd.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F1 - win.ini: run=C:\MLT1100L\WSWPD.EXE
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {C5FC17C1-EDB0-11D9-9D6A-D9505D192B4F} - C:\WINDOWS\SYSTEM\CPBN.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [Minolta PageWorks/Pro 1100L] C:\MLT1100L\WSWPD.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Tools_95\IMGSTART.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Tools_95\IMGICON.EXE
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Tools_95\IOWATCH.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) -
http://vivo.real.com/dldv2/vvweb.cabO16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) -
http://www.cookiecen...ex/ikcntrls.cabO16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://rpma02ln.rush.edu/iNotes.cabO21 - SSODL: NDmqTBfScObA - {15341AD8-BF9E-B072-1F83-B5305430103E} - C:\WINDOWS\SYSTEM\FQMC.DLL (file missing)
and here is the SpSeHjfix log...
(7/9/05 1:19:14 PM) SPSeHjFix started v1.09
(7/9/05 1:19:14 PM) OS: Win98 (4.10.67766222)
(7/9/05 1:19:14 PM) Language: english
(7/9/05 1:19:26 PM) Disinfect started
(7/9/05 1:19:26 PM) Bad-Dll(IEP): (not found)
(7/9/05 1:19:26 PM) Bad-Dll(IEP) in BHO: (not found)
(7/9/05 1:19:26 PM) UBF: 4
(7/9/05 1:19:26 PM) UBB: 1
(7/9/05 1:19:26 PM) UBR: 23
(7/9/05 1:19:26 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/9/05 1:19:26 PM) Stealth-String not found:
(7/9/05 1:19:26 PM) Not infected->END
i saw the about:blank was still there so i ran through the steps again and here is the current HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 1:57:54 PM, on 7/9/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MLT1100L\Wswpd.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\INTERNET\WATCHDOG.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F1 - win.ini: run=C:\MLT1100L\WSWPD.EXE
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {C5FC17C1-EDB0-11D9-9D6A-D9505D192B4F} - C:\WINDOWS\SYSTEM\CPBN.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [Minolta PageWorks/Pro 1100L] C:\MLT1100L\WSWPD.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Tools_95\IMGSTART.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Tools_95\IMGICON.EXE
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Tools_95\IOWATCH.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) -
http://vivo.real.com/dldv2/vvweb.cabO16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) -
http://www.cookiecen...ex/ikcntrls.cabO16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://rpma02ln.rush.edu/iNotes.cabO21 - SSODL: NDmqTBfScObA - {15341AD8-BF9E-B072-1F83-B5305430103E} - C:\WINDOWS\SYSTEM\FQMC.DLL (file missing)
thanks for the help....