johnnymcsponge
Beta member
- Messages
- 3
My computer's been infected with a program that's put an application on my desktop with the name 'Access Members Area' for some dodgy website and keeps throwing up boxes getting me to call a $1.50 number through my midem. I've tried to get rid of it using AVG, but that's not worked. I'm sure there's other problems as well slowing down the performance fo my computer. Can anybody help?
-----
Logfile of HijackThis v1.99.1
Scan saved at 13:38:51, on 26/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\KERNELS32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\E_S4I0S2.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WIN32.EXE
C:\WINDOWS\APPLICATION DATA\BSTS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\SVCHOST.EXE
C:\WINDOWS\SYSTEM\VXGAMET2.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL (file missing)
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\KJWE.DLL
O2 - BHO: ActiveX Control - {67F666E0-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\MSWYC.DLL (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O2 - BHO: IE SP2 AddOn - {794A21C0-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\SPAKA.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\SYSTEM\win32.exe
O4 - HKCU\..\Run: [Shsl] C:\WINDOWS\Application Data\bsts.exe
O4 - HKCU\..\RunServices: [wupd] C:\WINDOWS\SYSTEM\win32.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets...refid=3548
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll
O21 - SSODL: System - {79CEE220-CD66-11D9-981A-444553540000} - vr_sys.dll (file missing)
-----
-----
Logfile of HijackThis v1.99.1
Scan saved at 13:38:51, on 26/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\KERNELS32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\E_S4I0S2.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WIN32.EXE
C:\WINDOWS\APPLICATION DATA\BSTS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\SVCHOST.EXE
C:\WINDOWS\SYSTEM\VXGAMET2.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL (file missing)
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\KJWE.DLL
O2 - BHO: ActiveX Control - {67F666E0-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\MSWYC.DLL (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O2 - BHO: IE SP2 AddOn - {794A21C0-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\SPAKA.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\SYSTEM\win32.exe
O4 - HKCU\..\Run: [Shsl] C:\WINDOWS\Application Data\bsts.exe
O4 - HKCU\..\RunServices: [wupd] C:\WINDOWS\SYSTEM\win32.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8041E260-CD66-11D9-981A-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets...refid=3548
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll
O21 - SSODL: System - {79CEE220-CD66-11D9-981A-444553540000} - vr_sys.dll (file missing)
-----