HiJack This log please help gotta get rid of CWS

Logfile of HijackThis v1.98.2
Scan saved at 5:35:36 PM, on 02/17/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version! thats what it says but i am using IE 6.0

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {5E561166-7ECB-11D9-A799-0006CE76B688} - C:\WINDOWS\SYSTEM\HGNF.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL
O18 - Filter: text/plain - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL

---------------------------------------------------------------------------
Don't know if this will help but here is my PrcView

AVANT.EXE 4290971027 C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE Avant Browser 10.0.
DDHELP.EXE 4291049083 C:\WINDOWS\SYSTEM\DDHELP.EXE Microsoft DirectX Helper 4.09.00.0900. Copyright © Microsoft Corp. 1994-2002
EXPLORER.EXE 4294868111 C:\WINDOWS\EXPLORER.EXE Windows Explorer 4.72.3110.1. Copyright (C) Microsoft Corp. 1981-1997
IEXPLORE.EXE 4291054227 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Internet Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
KERNEL32.DLL 4291790467 C:\WINDOWS\SYSTEM\KERNEL32.DLL Win32 Kernel core component 4.10.2222. Copyright (C) Microsoft Corp. 1991-1999
MMTASK 4294846899 C:\WINDOWS\SYSTEM\mmtask.tsk Multimedia background task support module 4.03.1998. Copyright © Microsoft Corp. 1991-1998
MPREXE.EXE 4294952575 C:\WINDOWS\SYSTEM\MPREXE.EXE WIN32 Network Interface Service Process 4.10.1998. Copyright (C) Microsoft Corp. 1993-1998
MSGSRV32 4294963695 C:\WINDOWS\SYSTEM\MSGSRV32.EXE Windows 32-bit VxD Message Server 4.10.2222. Copyright (C) Microsoft Corp. 1992-1998
PELMICED.EXE 4290839663 C:\WINDOWS\SYSTEM\PELMICED.EXE Mouse Suite 98 Daemon 1.0.0.0. Copyright (c) 1997, Primax Electronics Ltd.
PRCVIEW.EXE 4290963879 C:\UNZIPPED\PRCVIEW[1]\PRCVIEW.EXE Process Viewer Application 3.7.2.5. Developed by Igor Nys, 1995-2002
PSTORES.EXE 4291079335 C:\WINDOWS\SYSTEM\PSTORES.EXE Protected storage server 5.00.1877.3. Copyright (C) Microsoft Corp. 1981-1998
QTTASK.EXE 4290893951 C:\WINDOWS\SYSTEM\QTTASK.EXE QuickTime QuickTime 6.5. © Apple Computer, Inc. 2001-2004
RUNDLL32.EXE 4290788399 C:\WINDOWS\RUNDLL32.EXE Run a DLL as an App 4.10.1998. Copyright (C) Microsoft Corp. 1991-1998
SPOOL32.EXE 4291154431 C:\WINDOWS\SYSTEM\SPOOL32.EXE Spooler Sub System Process 4.10.1998. Copyright (C) Microsoft Corp. 1994 - 1998
STIMON.EXE 4290878459 C:\WINDOWS\SYSTEM\STIMON.EXE Still Image Devices Monitor 4.10.2222. Copyright (C) Microsoft Corp. 1996-1998
TASKMON.EXE 4290891187 C:\WINDOWS\TASKMON.EXE Task Monitor 4.10.1998. Copyright (C) Microsoft Corp. 1998

 

Please download the latest version of HijackThis and post a new log.

http://radiosplace.com/

 

Thanks here is the new Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:35:37 PM, on 02/18/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE
C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UV2JW9OR\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {5E561166-7ECB-11D9-A799-0006CE76B688} - C:\WINDOWS\SYSTEM\HGNF.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &AIM Search - res://C:\PROGRA~1\AIMTOO~1\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm
O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm
O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL
O18 - Filter: text/plain - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL

 

Download: "StartDreck ", from here:
http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

Unzip to its own folder and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread.

 

Here it is

StartDreck (build 2.1.7 public stable) - 2005-02-19 @ 19:16:11 (GMT -06:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Preferred Customer at A0B6X1

»Registry
»Run Keys
»Current User
»Run
*Spyware Doctor= "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Default User
»Run
*Spyware Doctor= "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*Mouse Suite 98 Daemon=PELMICED.EXE
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*TaskMonitor=C:\WINDOWS\taskmon.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*QuickTime Task= "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
»RunOnce
»RunServices
»RunServicesOnce
**ouhe=rundll32 C:\WINDOWS\SYSTEM\SQLMJBC.DLL,StreamingDeviceSetup
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+FFCF9DA3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFEACF=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFE227=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFFFD06B=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE87C3=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFEF5A7=C:\WINDOWS\RUNDLL32.EXE
+FFFEF2BB=C:\WINDOWS\EXPLORER.EXE
+FFC1FBA7=C:\WINDOWS\SYSTEM\PELMICED.EXE
+FFC1DCE3=C:\WINDOWS\SYSTEM\STIMON.EXE
+FFC02D5B=C:\WINDOWS\TASKMON.EXE
+FFC01163=C:\WINDOWS\SYSTEM\QTTASK.EXE
+FFC07907=C:\WINDOWS\RUNDLL32.EXE
+FFC066DF=C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
+FFC573DB=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFC5292F=C:\PROGRAM FILES\AVANT BROWSER\AVANT.EXE
+FFC5B457=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFC487CF=C:\UNZIPPED\STARTDRECK[1]\STARTDRECK.EXE
»Application specific

 

If you don't have Ad-aware SE 1.05, download it from my signature, install and check for updates. If you have it already, check for updates.

Download CWShredder 2.0 from here. Save it to the desktop. Double click to install.

Create a new folder named HJT and place HijackThis.exe in it. Scan again and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5E561166-7ECB-11D9-A799-0006CE76B688} - C:\WINDOWS\SYSTEM\HGNF.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL
O18 - Filter: text/plain - {063C89E0-8075-11D9-A799-0006195EEA9C} - C:\WINDOWS\SYSTEM\HGNF.DLL


Go to start>run and type msconfig, hit enter. On the General tab click the advanced button. Check the box to 'enable start menu' and OK out. DO NOT allow restart.


Download: "Win98Fix.zip" from here:

http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

Unzip to its own folder. Open Folder and double click on the RunFix.reg file. Click yes to merge it into your registry. Restart your computer and choose safe mode.

You will need to show hidden files and folders.

Open CWShredder from the new shortcut on the desktop, close ALL other windows and click fix.

Open C:\WINDOWS\SYSTEM and locate the file SQLMJBC.DLL
Right click, select 'Properties' and remove any 'Read only' protection.
Right click again and select 'Delete'.

Open C:\Temp (if present), select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Applog, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.

Open Ad-aware and run a full scan. Delete all it finds.

Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.
Uncheck the box to 'enable start menu' in msconfig and OK out. Reboot.

Back in Windows, scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.