here's the logfile of
1.) CWshedder
**** Run Keys ****
RUN: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
RUN: [TaskMonitor] C:\WINDOWS\taskmon.exe
RUN: [SystemTray] SysTray.Exe
RUN: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RUN: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
RUN: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
RUN: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
RUN: [Logitech Utility] LOGI_MWX.EXE
RUN: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RUN: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
RUN: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
**** Browser Helper Objects ****
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
**** IE Toolbars ****
TOOLBAR: [&Radio] C:\WINDOWS\SYSTEM\MSDXM.OCX
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll
**** IE Extensions ****
IEExt: [@shdoclc.dll,-866]
IEExt: [Run DAP] C:\PROGRA~1\DAP\DAP.EXE
IEExt: [Microsoft AntiSpyware helper] C:\PROGRA~1\DAP\DAP.EXE
**** Hosts File Entries ****
**** IE Settings ****
Default Page:
http://www.microsoft...er=6&ar=msnhome Default Search:
http://www.microsoft...=ie&ar=iesearch Local Page: C:\WINDOWS\SYSTEM\blank.htm
**** IE Context Menu (Right click) ****
IEContext: [&Google Search] res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
IEContext: [Cached Snapshot of Page] res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
IEContext: [Similar Pages] res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
IEContext: [Backward Links] res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
IEContext: [Translate into English] res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
IEContext: [&Download with &DAP] C:\PROGRA~1\DAP\dapextie.htm
IEContext: [Download &all with DAP] C:\PROGRA~1\DAP\dapextie2.htm
**** Layered Service Providers ****
LSP: MS.w95.spi.tcp
LSP: MS.w95.spi.udp
LSP: MS.w95.spi.rsvptcp
LSP: MS.w95.spi.rsvpudp
**** Blocked Control Panel Items ****
BLOCKED: []
**** Downloaded Program Files ****
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso4.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
**** Windows Services ****
**** Custom IE Search Items ****
SEARCH: [CustomizeSearch]
http://ie.search.msn...st/srchcust.htm **** Complete IE Options ****
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Show_ChannelBand] no
IEOPT: [LastCheckedHi]
IEOPT: [FullScreen] no
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Window_Placement] ,
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Disable Script Debugger] yes
IEOPT: [AutoSearch]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Save Directory] C:\My Documents\baby stages\
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [conc]
IEOPT: [Toolbars_Placement]
IEOPT: [Default_Page_URL]
http://www.microsoft...er=6&ar=msnhome IEOPT: [Default_Search_URL]
http://www.microsoft...=ie&ar=iesearch IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Custom_Key] MICROSO
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
2.) SPSeHjfix
(7/26/05 6:34:55 PM) SPSeHjFix started v1.1.2
(7/26/05 6:34:55 PM) OS: Win98SE A (4.10.2222)
(7/26/05 6:34:55 PM) Language: english
(7/26/05 6:34:55 PM) Win-Path: C:\WINDOWS
(7/26/05 6:34:55 PM) System-Path: C:\WINDOWS\SYSTEM
(7/26/05 6:34:55 PM) Temp-Path: C:\WINDOWS\TEMP\
(7/26/05 6:35:02 PM) Disinfection started
(7/26/05 6:35:02 PM) Bad-Dll(IEP): c:\windows\temp\se.dll
(7/26/05 6:35:02 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\GLJF.DLL
(7/26/05 6:35:02 PM) Searchassistant Uninstaller - Keys Deleted
(7/26/05 6:35:02 PM) UBF: 4 - UBB: 0 - UBR: 14
(7/26/05 6:35:02 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(7/26/05 6:35:02 PM) UBF: 4 - UBB: 0 - UBR: 13
(7/26/05 6:35:02 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/space.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/26/05 6:35:02 PM) Stealth-String not found
(7/26/05 6:35:02 PM) File added to delete: c:\windows\system\gljf.dll
(7/26/05 6:35:02 PM) File added to delete: c:\windows\temp\se.dll
(7/26/05 6:35:02 PM) Reboot
(7/26/05 6:35:48 PM) SPSeHjFix 2nd Step
(7/26/05 6:35:48 PM) Stealth-String not present. Disinfection succesfully
(7/26/05 6:35:53 PM) Cleaned
3.) New logile of Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 6:38:03 PM, on 7/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\OUTPOSTUPDATE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - Startup: BRPReminder.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {171BBF00-F9ED-11D9-BB3A-00115B1F273D} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {171BBF00-F9ED-11D9-BB3A-00115B1F273D} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {171BBF00-F9ED-11D9-BB3A-00115B1F273D} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {171BBF00-F9ED-11D9-BB3A-00115B1F273D} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O16 - DPF: {9EAC0102-5E61-2312-BC2D-000000000000} -
http://www.awmdabest...btd/5111/td.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adi.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.10.1.1
One more problem in Win XP my cablenet software is working but no net applications are running (ie) no IE 6.0 (SP1) and yahoo msg 7 (beta) and others are not working plz also tell me remedy to this problem
And IE 6 is now not opening in Win 98 after scanning with SPSeHjfix
Edited by smit.sanu, 26 July 2005 - 10:45 AM.