Hey...
Hey...I got some problems, and I don't know how to fix it. I ran spybot and adaware, but it has not helped, so heres my log. Thanks.
Logfile of HijackThis v1.98.2
Scan saved at 8:55:07 PM, on 9/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAM FILES\CONFIGURATION UTILITY\TASKBAR.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\NEW FOLDER\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Search - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\SYSTEM\JFI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [MsSystem] c:\mssys.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O4 - User Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft® VBScript® Console - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Microsoft® VBScript® Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.klikeuro.nl/cab/EasyWebInstaller.cab
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000unlimited.ea.com/teleport/simcity/MaxisSimCity3TeleX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
Logfile of HijackThis v1.98.2
Scan saved at 8:55:07 PM, on 9/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAM FILES\CONFIGURATION UTILITY\TASKBAR.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\NEW FOLDER\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Search - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\SYSTEM\JFI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [MsSystem] c:\mssys.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O4 - User Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft® VBScript® Console - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Microsoft® VBScript® Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.klikeuro.nl/cab/EasyWebInstaller.cab
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000unlimited.ea.com/teleport/simcity/MaxisSimCity3TeleX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
0
This discussion has been closed.
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchs.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesearchs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=gim
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Search - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\SYSTEM\JFI.DLL
O4 - HKLM\..\Run: [MsSystem] c:\mssys.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O4 - User Startup: taskbar.lnk = C:\Program Files\Configuration Utility\taskbar.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft® VBScript® Console - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {BEA621C0-EBBB-11D8-BD95-00024483AB31} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.klikeuro.nl/cab/EasyWebInstaller.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
Reboot, and then post a new log.
Logfile of HijackThis v1.98.2
Scan saved at 12:18:24 AM, on 9/13/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\NEW FOLDER\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE /min
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {69F497FB-5082-4EA4-9305-9E19F20A2BFF} (MaxisSimCity3TeleX Control) - http://simcity3000unlimited.ea.com/teleport/simcity/MaxisSimCity3TeleX.cab