Options
hijack log any help please?
I have tried my best - but its just not enough to resolve the prob.
ANy help would be fabulous
Logfile of HijackThis v1.98.2
Scan saved at 10:37:23 PM, on 08/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
F:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\D3EC.EXE
C:\Tools_95\Register\REMIND.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
F:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\FSSCRCTL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe
O2 - BHO: Class - {57031518-1EF5-9E36-92EF-3E4E0944F8D1} - C:\WINDOWS\NTML32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] F:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] F:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [D3EC.EXE] C:\WINDOWS\SYSTEM\D3EC.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00127\GD-DIAL.EXE -remove
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - Startup: Shortcut to FSScrCtl.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Liatro SWF Decoder Catch - G:\PROGRAM FILES\LIATRO\LIATRO SWF DECODER 4.5\swfcatch.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/m6/msgr.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://www.rsvp.com.au:4080/chat/da...sie/msichat.ocx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c371/chat.cab
O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) - http://www.wakibara.com/Hot_net.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {1D7532CE-995B-40F2-8C17-2E01AF16FFAC} (XChoco.XChocoCtl) - http://www.eromax.com/cab/XChoco.CAB
O16 - DPF: {B15108AA-D8D0-480D-B535-07E18D6549A8} (XBurger.XBurgerCtl) - http://www.eromax.com/cab/XBurger.CAB
O16 - DPF: {41770406-8D8B-4E77-81BD-459F191F4347} (XEng003.XEng003Ctl) - http://cutygirls.net/pink/003/XEng003.CAB
O16 - DPF: {A5E3B21E-CCBB-450E-9D0C-EEF06076B856} (XEng026.XEng026Ctl) - http://iii.tv/pink/026/XEng026.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {25835E8C-225A-46F0-898A-3A96E43D7929} (XJp.XJpCtl) - http://fever.18x.cx/exe/j0082.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_7.cab
O16 - DPF: {DCF96DA0-ED33-40FF-B83E-AB7011C2BA7E} (Dialer Class) - http://blizzard.isprime.com/dialers/1339.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - file://C:\WINDOWS\SYSTEM\SearchBar\popblocker.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ozemail
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 210.80.58.34,210.80.58.42
O21 - SSODL: System - {B0ED6A40-F195-11D8-BC7E-000D88E3219C} - C:\WINDOWS\system32\system32.dll (file missing)
ANy help would be fabulous
Logfile of HijackThis v1.98.2
Scan saved at 10:37:23 PM, on 08/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
F:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\D3EC.EXE
C:\Tools_95\Register\REMIND.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
F:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\FSSCRCTL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe
O2 - BHO: Class - {57031518-1EF5-9E36-92EF-3E4E0944F8D1} - C:\WINDOWS\NTML32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] F:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] F:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [D3EC.EXE] C:\WINDOWS\SYSTEM\D3EC.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00127\GD-DIAL.EXE -remove
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - Startup: Shortcut to FSScrCtl.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Liatro SWF Decoder Catch - G:\PROGRAM FILES\LIATRO\LIATRO SWF DECODER 4.5\swfcatch.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/m6/msgr.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://www.rsvp.com.au:4080/chat/da...sie/msichat.ocx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c371/chat.cab
O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) - http://www.wakibara.com/Hot_net.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {1D7532CE-995B-40F2-8C17-2E01AF16FFAC} (XChoco.XChocoCtl) - http://www.eromax.com/cab/XChoco.CAB
O16 - DPF: {B15108AA-D8D0-480D-B535-07E18D6549A8} (XBurger.XBurgerCtl) - http://www.eromax.com/cab/XBurger.CAB
O16 - DPF: {41770406-8D8B-4E77-81BD-459F191F4347} (XEng003.XEng003Ctl) - http://cutygirls.net/pink/003/XEng003.CAB
O16 - DPF: {A5E3B21E-CCBB-450E-9D0C-EEF06076B856} (XEng026.XEng026Ctl) - http://iii.tv/pink/026/XEng026.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {25835E8C-225A-46F0-898A-3A96E43D7929} (XJp.XJpCtl) - http://fever.18x.cx/exe/j0082.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_7.cab
O16 - DPF: {DCF96DA0-ED33-40FF-B83E-AB7011C2BA7E} (Dialer Class) - http://blizzard.isprime.com/dialers/1339.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - file://C:\WINDOWS\SYSTEM\SearchBar\popblocker.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ozemail
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 210.80.58.34,210.80.58.42
O21 - SSODL: System - {B0ED6A40-F195-11D8-BC7E-000D88E3219C} - C:\WINDOWS\system32\system32.dll (file missing)
0
Comments
Remove the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe
O2 - BHO: Class - {57031518-1EF5-9E36-92EF-3E4E0944F8D1} - C:\WINDOWS\NTML32.DLL
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg
O4 - HKLM\..\RunServices: [D3EC.EXE] C:\WINDOWS\SYSTEM\D3EC.EXE
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00127\GD-DIAL.EXE -remove
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/m6/msgr.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://www.rsvp.com.au:4080/chat/da...sie/msichat.ocx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c371/chat.cab
O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) - http://www.wakibara.com/Hot_net.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {1D7532CE-995B-40F2-8C17-2E01AF16FFAC} (XChoco.XChocoCtl) - http://www.eromax.com/cab/XChoco.CAB
O16 - DPF: {B15108AA-D8D0-480D-B535-07E18D6549A8} (XBurger.XBurgerCtl) - http://www.eromax.com/cab/XBurger.CAB
O16 - DPF: {41770406-8D8B-4E77-81BD-459F191F4347} (XEng003.XEng003Ctl) - http://cutygirls.net/pink/003/XEng003.CAB
O16 - DPF: {A5E3B21E-CCBB-450E-9D0C-EEF06076B856} (XEng026.XEng026Ctl) - http://iii.tv/pink/026/XEng026.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {25835E8C-225A-46F0-898A-3A96E43D7929} (XJp.XJpCtl) - http://fever.18x.cx/exe/j0082.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_7.cab
O16 - DPF: {DCF96DA0-ED33-40FF-B83E-AB7011C2BA7E} (Dialer Class) - http://blizzard.isprime.com/dialers/1339.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - file://C:\WINDOWS\SYSTEM\SearchBar\popblocker.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O21 - SSODL: System - {B0ED6A40-F195-11D8-BC7E-000D88E3219C} - C:\WINDOWS\system32\system32.dll (file missing)
Then you should boot into DOS mode and MANUALLY SEARCH FOR AND DELETE THE FOLLOWING FILES:
C:\WINDOWS\aewpj.dll
C:\WINDOWS\NTML32.DLL
C:\WINDOWS\system32\system32.dll
c:\program files\GlobalDialer\ (delete the whole GLobalDialer folder)
C:\WINDOWS\SYSTEM\pc32.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\WINDOWS\SYSTEM\D3EC.EXE
Try that, post a new HJT log when you're done.
C:\WINDOWS\NTML32.DLL
C:\WINDOWS\system32\system32.dll
c:\program files\GlobalDialer\ (delete the whole GLobalDialer folder)
C:\Program Files\Internet Explorer\IEengine.exe
these files werent found
Logfile of HijackThis v1.98.2
Scan saved at 6:14:16 PM, on 08/27/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
F:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
F:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\FSSCRCTL.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
F:\PROGRAM FILES\GRISOFT\AVG6\AVGW.EXE
E:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aewpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {57031518-1EF5-9E36-92EF-3E4E0944F8D1} - C:\WINDOWS\NTML32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\SYSTEM\pc32.exe bg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] F:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] F:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [D3EC.EXE] C:\WINDOWS\SYSTEM\D3EC.EXE
O4 - HKLM\..\RunServices: [MSWX32.EXE] C:\WINDOWS\MSWX32.EXE
O4 - HKLM\..\RunServices: [NETAH.EXE] C:\WINDOWS\SYSTEM\NETAH.EXE
O4 - HKLM\..\RunServices: [NTZM32.EXE] C:\WINDOWS\NTZM32.EXE
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00127\GD-DIAL.EXE -remove
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - Startup: Shortcut to FSScrCtl.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Liatro SWF Decoder Catch - G:\PROGRAM FILES\LIATRO\LIATRO SWF DECODER 4.5\swfcatch.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/m6/msgr.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://www.rsvp.com.au:4080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c371/chat.cab
O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) - http://www.wakibara.com/Hot_net.CAB
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {1D7532CE-995B-40F2-8C17-2E01AF16FFAC} (XChoco.XChocoCtl) - http://www.eromax.com/cab/XChoco.CAB
O16 - DPF: {B15108AA-D8D0-480D-B535-07E18D6549A8} (XBurger.XBurgerCtl) - http://www.eromax.com/cab/XBurger.CAB
O16 - DPF: {41770406-8D8B-4E77-81BD-459F191F4347} (XEng003.XEng003Ctl) - http://cutygirls.net/pink/003/XEng003.CAB
O16 - DPF: {A5E3B21E-CCBB-450E-9D0C-EEF06076B856} (XEng026.XEng026Ctl) - http://iii.tv/pink/026/XEng026.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {25835E8C-225A-46F0-898A-3A96E43D7929} (XJp.XJpCtl) - http://fever.18x.cx/exe/j0082.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {DCF96DA0-ED33-40FF-B83E-AB7011C2BA7E} (Dialer Class) - http://blizzard.isprime.com/dialers/1339.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewizzle.com/installfiles/powertools.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - file://C:\WINDOWS\SYSTEM\SearchBar\popblocker.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ozemail
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 210.80.58.34,210.80.58.42
O21 - SSODL: System - {B0ED6A40-F195-11D8-BC7E-000D88E3219C} - C:\WINDOWS\system32\system32.dll (file missing)
Read my post in this thread. I believe it's post #4. You'll have to use DOS commands to get rid of these things.