Post by: Guest_charmagne_* on March 28, 2005, 09:44:04 AM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> Logfile of HijackThis v1.99.1
Scan saved at 6:18:20 PM, on 3/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SADBLOCK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDTRAY.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL
O2 - BHO: (no name) - {1F02FBE4-9EEC-11D9-8CA2-00503356D095} - [SABInprocServer32] (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\SYSTEM\VCDPLAY.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [Caffe-Client] c:\program files\Caffe\Client.exe
O4 - HKCU\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Folder.htt
O4 - Global Startup: Folder.htt
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
O18 - Filter: text/html - {B9DE0860-9BF1-11D9-8CA2-00503D9C2581} - C:\WINDOWS\SYSTEM\CFMN.DLL
O18 - Filter: text/plain - {B9DE0860-9BF1-11D9-8CA2-00503D9C2581} - C:\WINDOWS\SYSTEM\CFMN.DLL
here's startdreck log...
StartDreck (build 2.1.7 public stable) - 2005-03-27 @ 18:31:30 (GMT -08:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2600.0000
Logged in as pc25 at PC25
»Registry
»Run Keys
»Current User
»Run
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
*NVIEW=rundll32.exe nview.dll,nViewLoadHook
*Yahoo! Pager=C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
*Caffe-Client=c:\program files\Caffe\Client.exe
*Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
»RunOnce
»Default User
»Run
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
*NVIEW=rundll32.exe nview.dll,nViewLoadHook
*Yahoo! Pager=C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
*Caffe-Client=c:\program files\Caffe\Client.exe
*Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*VCDPlayer=C:\PROGRA~1\VIRTUA~1\SYSTEM\VCDPLAY.EXE
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*SABBHO.SuperAdBlockerBHO.1/{00000000-6C30-11D8-9363-000AE6309654}
`InprocServer32=C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SABBHO.DLL
*{61B0FE6E-9EEC-11D9-8CA2-0050B33E15DC}
`InprocServer32=C:\WINDOWS\SYSTEM\CFMN.DLL
»Files
»System/Drivers
»Running Processes
+FFCF86F9=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFC6D9=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFC849=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE46F9=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE49C5=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE8FD5=C:\WINDOWS\EXPLORER.EXE
+FFFED459=C:\WINDOWS\TASKMON.EXE
+FFFEDB25=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFD1B79=C:\WINDOWS\RUNDLL32.EXE
+FFFD63DD=C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDPLAY.EXE
+FFFDB4DD=C:\WINDOWS\RUNDLL32.EXE
+FFFD1EBD=C:\WINDOWS\RUNDLL32.EXE
+FFFC4039=C:\PROGRAM FILES\SUPERADBLOCKER.COM\SUPER AD BLOCKER\SADBLOCK.EXE
+FFFCCECD=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFB7D0D=C:\WINDOWS\RUNDLL32.EXE
+FFFDF0FD=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFFB540D=C:\PROGRAM FILES\VIRTUAL CD V4\SYSTEM\VCDTRAY.EXE
+FFFA336D=C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
+FFFC36AD=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFCF0DE9=C:\WINDOWS\NOTEPAD.EXE
+FFF506FD=C:\WINDOWS\TEMP\RAR$EX02.337\STARTDRECK.EXE
»Application specific
please help me get away with this
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> thanks in advance