Full Version: Tons of problems
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Sherman8r44
Hi! I don't have much experience with this stuff so I'll just post my HJT log and describe some symptoms. I have been attacked three times w/spyware and trojans now and it is really starting to pi*s me off. Just on the Desktop there is "UnSpyPC", DAT files "1", "2", and "3", and "PSGuard". I ran the Trend Micro antivirus thingy and although it came up with 18 infections NONE could be cured. I downloaded spywareblaster 3.4 and it gives me "error code 4" or something like that. Internet Explorer has extra buttons under tools tab including "Sun Java Console" and "Scan and Protect PC." The computer is still rather slow and unstable, and when I tried to run Windows Update for my Windows ME system, I think everything stuck except for the Jscript 5.6 update. Which brings me to the fact that Java apps don't always work. PLEASE HELP ME!!!

Logfile of HijackThis v1.99.1
Scan saved at 6:07:36 PM, on 12/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\SAITEK\SAITEK GAMING EXTENSIONS\SAICNFIG.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB10.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\CA\ETRUST PESTPATROL\PPACTIVEDETECTION.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\GAMEUTIL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPTSKMGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F1 - win.ini: run=C:\WINDOWS\HPFsched.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\system\MP_S3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\PROGRAM FILES\CA\ETRUST PESTPATROL\PPACTIVEDETECTION.EXE"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP002.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: GameUtil.lnk = C:\WINDOWS\SYSTEM\GameUtil.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.systemquote.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://www.zonelabs.com
O15 - Trusted Zone: http://donwloads.zonelabs.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.12,85.255.112.83

THANKS IN ADVANCE!!!!!!
LoPhatPhuud
Since you apparently did not run any AntiSpyware apps, that will be the first step. Run SpySweeper (free trial) according to the following instructions.


First:
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


Second:
Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.


Last:
Run HiJackThis again and post a new log in this thread.
Sherman8r44
I actually have run Spybot and Adaware, but that was about a week ago. I ran Spy Sweeper as you told me, but after scanning there was no next button--it told me I had to be a subscriber to remove stuff and I couldn't get a log.

Here is autoruns:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CountrySelection PCTPTT.EXE PCtel, Inc. c:\windows\pctptt.exe

+ eTrust PestPatrol Active Protection eTrust PestPatrol background protection application Computer Associates c:\program files\ca\etrust pestpatrol\ppactivedetection.exe

+ Hidserv HID Audio Service Microsoft Corporation c:\windows\system\hidserv.exe

+ HP Component Manager HP Framework Component Manager Service Hewlett-Packard Company c:\program files\hp\hpcoretech\hpcmpmgr.exe

+ HP Software Update hpwuSchd Hewlett-Packard Company c:\program files\hewlett-packard\hp software update\hpwuschd2.exe

+ HPDJ Taskbar Utility  HP c:\windows\system\hpztsb10.exe

+ IrMon Infrared Monitor Microsoft Corporation c:\windows\system\irmon.exe

+ LoadPowerProfile Power Profile Helper DLL Microsoft Corporation c:\windows\system\powrprof.dll

+ LoadQM Microsoft QMgr Microsoft Corporation c:\windows\loadqm.exe

+ NvCplDaemon NVIDIA Taskbar Utility Library NVIDIA Corporation c:\windows\system\nvqtwk.dll

+ nwiz NVIDIA nView Wizard, Version 31.00 NVIDIA Corporation c:\windows\system\nwiz.exe

+ PCHealth PC Health Client Scheduling Application Microsoft Corporation c:\windows\pchealth\support\pchschd.exe

+ PCTVOICE pctvoice MFC Application 0 c:\windows\pctvoice.exe

+ PTSNOOP File not found: ptsnoop.exe

+ QuickTime Task Apple Computer, Inc. c:\windows\system\qttask.exe

+ SAITEKAUTOCONFIGURE Configures Controllers for Foreground Application Saitek plc c:\program files\saitek\saitek gaming extensions\saicnfig.exe

+ ScanRegistry Registry Checker Microsoft Corporation c:\windows\scanregw.exe

+ SiSAudio File not found: C:\WINDOWS\system\MP_S3.exe

+ SmcService Sygate Agent Firewall Sygate Technologies, Inc. c:\program files\sygate\spf\smc.exe

+ SpySweeper Spy Sweeper Client Executable Webroot Software, Inc. c:\program files\webroot\spy sweeper\spysweeper.exe

+ SystemTray System Tray Applet Microsoft Corporation c:\windows\system\systray.exe

+ TaskMonitor Task Monitor Microsoft Corporation c:\windows\taskmon.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+ wextract_cleanup0 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

C:\WINDOWS\Start Menu\Programs\StartUp

+ GameUtil.lnk Gamma control, ATI overclock reset on resume, refresh rate hack, per game do stuff in general Byron Montgomerie c:\windows\system\gameutil.exe

+ Microsoft Office.lnk Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\osa.exe

C:\WINDOWS\win.ini

+ C:\WINDOWS\HPFsched.exe c:\windows\hpfsched.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ SpybotSD TeaTimer System settings protector Safer Networking Limited c:\program files\spybot - search & destroy\teatimer.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system\iedkcs32.dll

+ CDSAMPLE Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ CRLUpdate UPDCRL Microsoft Corporation c:\windows\system\updcrl.exe

+ Internet Explorer 6 SP1 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system\ie4uinit.exe

+ Microsoft Outlook Express 6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Microsoft Web Publishing Wizard 1.6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Microsoft Windows Media Player 6.4 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ MSN Messenger 4.6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ MSN-Migration Microsoft MSN Setup Microsoft Corporation c:\windows\msnmgsr1.exe

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Power Policy Settings Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ System Restore Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system\regsvr32.exe

+ Windows Movie Maker Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Accessibility Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - America Online Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Applets Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - AT&T WorldNet Service Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Calculator Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - CD Player Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Character Map Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Classic Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Clipboard Viewer Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Color Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Dial-Up Networking Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - DriveSpace Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Earthlink Internet Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - FAT32 Converter Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Fonts Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Home Networking Wizard Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - HyperTerminal Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Internet Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Links Bar c:\windows\command\sulfnbk.exe

+ Windows Setup - Messaging Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - More Applets Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Net Server Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Netwatch Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Online Services Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Paint Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Phone Dialer Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Plus! Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Prodigy Internet Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Setup Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Shell Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Shell Cursors Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Start Menu Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Start Menu Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Information Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Information Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Meter Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Monitor Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Telephony Support Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - The Microsoft Network Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Volume Control Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Wordpad Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup -- Themes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ AUHook Microsoft AutoUpdate Microsoft Corporation c:\windows\system\auhook.dll

+ UPnPMonitor UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system\upnpui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ &Links Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ ActiveDesktop Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Briefcase Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ CmdFileIcon Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Default Image Extrator for Properties Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Desktop Explorer NVIDIA Desktop Explorer, Version 31.00 NVIDIA Corporation c:\windows\system\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 31.00 NVIDIA Corporation c:\windows\system\nvshell.dll

+ Dial-Up Networking Dial-Up Networking User Interface Microsoft Corporation c:\windows\system\rnaui.dll

+ Display Control Panel HTML Extensions Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ File Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ File Types Page Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Folder Options Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Folder Shortcut Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ GDI+ file thumbnail extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ HTML Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ IShellFolderBand Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ LNK file thumbnail interface delegator Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Media Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Desk Bar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Site Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microangelo Context Menu Extension c:\windows\system\muangsys.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft CopyTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft MoveTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft New Object Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft SendTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ MIME File Types Hook Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Mounted Volume Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ My Computer Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Folder My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ Office Graphics Filters Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Open With Context Menu Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system\sendmail.dll

+ Shell Automation Folder View Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Shell Automation Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Shell Drag and Drop helper Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system\wshext.dll

+ Shell Favorite Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Thumbnail Image Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Thumbnails Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Tracking Shell Menu Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Universal Plug and Play Devices UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system\upnpui.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Image Property Extractor Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ ShAVColumnProvider class DocProp2 Microsoft Corporation c:\windows\system\docprop2.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class AcroIEHelper Module ( c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe





AND MY NEW [PROBABLY UNCHANGED] HJT FILE:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:57 AM, on 12/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SAITEK\SAITEK GAMING EXTENSIONS\SAICNFIG.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB10.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CA\ETRUST PESTPATROL\PPACTIVEDETECTION.EXE
C:\WINDOWS\SYSTEM\GAMEUTIL.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F1 - win.ini: run=C:\WINDOWS\HPFsched.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\PROGRAM FILES\CA\ETRUST PESTPATROL\PPACTIVEDETECTION.EXE"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\system\MP_S3.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP002.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: GameUtil.lnk = C:\WINDOWS\SYSTEM\GameUtil.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.systemquote.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://www.zonelabs.com
O15 - Trusted Zone: http://donwloads.zonelabs.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...642/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.12,85.255.112.83

Thanks again!
LoPhatPhuud
The SpySweeper error should only happen if you have had it installed before and are past the trial period. We'll dispense with it for the time being and I suggest you uninstall the program since it has no value.

There was nothing in the Autoruns log either so part of your symptoms are puzzling since I can see no trace of infection. Perhaps leftover junk from already removed exploits.


First:
Download: CCleaner (freeware) http://www.ccleaner.com/
Once installed, run CCleaner, click the Windows [tab], and select the following options: (not all are available for Win98/ME)
Next: click Options, then click Advanced
Uncheck: "Only delete files older than 48 hrs", click OK, then click Run Cleaner (bottom right), then Exit

CCleaner should be run with the above settings for each user!


Next:
Run Check Disk in fix.
(Start -> Run -> chkdsk /f)

Then run Defrag.


Then post back and advise how your system is running and any specific symptoms you have.
Sherman8r44
Thanks for your help. The symptoms aren't really that active, just sometimes when running more than one major program, stuff stops responding. My [newly downloaded] firewall stops responding A LOT. And although nothing really bothers me, it is still weird to see PSGuard, UnSpyPC, mysterious DAT files, and "Sun Java Console" and "Scan and Protect Your PC" (which I think is related to UnSpyPC) under tools. I guess that there are only fragments of these programs left because they don't badger me anymore (PSGuard used to be a PITA). I also know that "ptsnoop" is active on my system, though I'm not sure what it is. When I tried to run the program "SpywareBlaster", I got a code 4 error, which by searching I found out meant that I have malware on my system that for some reason prevents it from running. And I'm still not sure why I always have some sort of problem with things closing and other things not installing when I try to WindowsUpdate.
LoPhatPhuud
Do an online scan here: http://www.kaspersky.com/virusscanner

Kaspersky should be able to catch any remnants.

Let me know if performance improves.
Sherman8r44
I did the scan but there was no way to remove anything...
LoPhatPhuud
I was interested in the results of the Kaspersky scan. That would reveal what, if anything, was hiding.

Try this...

Run an online antivirus check from at least one and preferably 2 of the following sites....
http://virusscan.jotti.org/
http://info.ahnlab.com/english/
http://www.kaspersky.com/remoteviruschk.html
http://www.dials.ru/english/www_av/
http://security.symantec.com/default.asp?
http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

Remove all that is found.
Sherman8r44
Just FYI, here are the results from the Symantec scan:

c:\WINDOWS\SYSTEM\oleext.dll is infected with Trojan.Desktophijack.B
c:\WINDOWS\SYSTEM\WININET.DLL is infected with Trojan.Alemod
c:\WINDOWS\SYSTEM\sphlp32.exe is infected with Adware.Livechat
c:\WINDOWS\SYSTEM\dmyxg.exe is infected with Download.Trojan
c:\_RESTORE\TEMP\A10101~1.0 is infected with Trojan.Desktophijack.B
c:\_RESTORE\TEMP\A0121567.CPY is infected with Trojan.Desktophijack.B
c:\_RESTORE\TEMP\A0150374.CPY is infected with Download.Trojan
c:\_RESTORE\TEMP\A0150415.CPY is infected with Download.Trojan
c:\_RESTORE\TEMP\A0150421.CPY is infected with Download.Trojan
c:\_RESTORE\TEMP\A0151488.CPY is infected with Download.Trojan
c:\_RESTORE\TEMP\A0151508.CPY is infected with Download.Trojan
c:\_RESTORE\TEMP\A0151524.CPY is infected with Download.Trojan

I didn't know how to remove any of it tho, so I'll try a few other antivirus programs that you listed.
LoPhatPhuud
The hits in c:\_RESTORE\ are your system restore area and can be removed by resetting it.

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows ME.......why?

One of the best features of Windows ME is the System Restore option, however if a virus infects a computer with this operating system the virus can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows ME)
To disable System Restore:
1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, click to select the Disable System Restore check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

How to Enable and Disable System Restore (Windows ME)
http://support.microsoft.com/default.aspx?...kb;en-us;264887


Next, search your system for the following file:
wininet.dll

Note where all the copies are:

Then boot into Safe Mode and delete the following files:
c:\WINDOWS\SYSTEM\oleext.dll is infected with Trojan.Desktophijack.B
c:\WINDOWS\SYSTEM\sphlp32.exe is infected with Adware.Livechat
c:\WINDOWS\SYSTEM\dmyxg.exe is infected with Download.Trojan

If there is at least one more copy of wininet.dll, then delete this one as well
c:\WINDOWS\SYSTEM\WININET.DLL is infected with Trojan.Alemod

You need to copy a good version to C:\Windows\System\ to replace the one you just deleted. Do not delete if there is only one copy!!


Then post back here and advise your system status
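
Added example (not part of the original thread and not any poster's code): the triage described in the post above, applied to scanner lines in the "<path> is infected with <name>" shape quoted in the thread. The bucket names, the `triage` function and the `other_copies` argument are assumptions made for this illustration.

```python
import re

# Sample built from lines quoted in the thread (a subset of the Symantec results).
SAMPLE_REPORT = r"""
c:\WINDOWS\SYSTEM\oleext.dll is infected with Trojan.Desktophijack.B
c:\WINDOWS\SYSTEM\WININET.DLL is infected with Trojan.Alemod
c:\WINDOWS\SYSTEM\dmyxg.exe is infected with Download.Trojan
c:\_RESTORE\TEMP\A0121567.CPY is infected with Trojan.Desktophijack.B
c:\_RESTORE\TEMP\A0150374.CPY is infected with Download.Trojan
"""

HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) is infected with (?P<name>\S+)\s*$")

# Files the thread says must be replaced with a good copy, not simply deleted.
REPLACE_NOT_DELETE = {"wininet.dll"}


def triage(report, other_copies=None):
    """Sort scanner hits into the actions the thread describes.

    other_copies maps a lower-case file name to the other copies found by
    searching the disk (hypothetical input, gathered by hand).
    """
    other_copies = other_copies or {}
    plan = {}
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a hit
        path, name = m["path"], m["name"]
        parts = path.lower().split("\\")
        base = parts[-1]
        if len(parts) > 2 and parts[1] == "_restore":
            # System Restore backups: cleared by resetting System Restore.
            bucket = "reset_system_restore"
        elif base in REPLACE_NOT_DELETE:
            # Delete only when another copy exists to replace it with.
            bucket = ("delete_then_replace" if other_copies.get(base)
                      else "do_not_delete_single_copy")
        else:
            bucket = "delete_in_safe_mode"
        plan.setdefault(bucket, []).append((path, name))
    return plan


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(bucket)
        for path, name in hits:
            print("   ", path, "->", name)
```
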
Sherman8r44
Here were my results:
1. Only one copy of WININET.DLL, so I didn't delete it.
2. I tried to delete oleext.dll, but an error message came up saying "cannot delete oleext: The specified file is being used by Windows."
3. There is no sphlp32.exe, so I guess that's a good thing.
4. Successfully deleted dmyxg.exe.

BTW there is a folder called "backups" on my comp. that had not been there until a couple of days ago.

Any suggestions?

Thanks