Win86.exe problem

adeuk · 10-03-2004, 05:47 AM

Hi, I'm a newbie & not very computer minded so please be gentle with me!

I've recently encountered a problem where every few seconds my connection manager pops up with the message 'The program "win86.exe" has requested access to the internet. Please 'connect' to dial.

I've done a search & it seems to be linked to a spyware/adware problem but I'm not sure.

I've run Spywarebegone & the online virus scan TrendMicro but the problem still exists. I've tried to run Ad-aware as advised but can't get it to run.

Please could somebody tell me how to fix this problem. I would be very grateful. Thank you.

Logfile of HijackThis v1.98.2
Scan saved at 11:36:58, on 03/10/04
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\TBRIDGE\FLATBED.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\WIN86.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\XP3Y5G3I\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F1 - win.ini: load=C:\TBridge\Flatbed.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [QTWFIX] RunDLL.exe setupx.dll,InstallHinfSection RunFix 132 c:\windows\INF\qtwfix.inf
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [breathe] rundll32 C:\PROGRA~1\VISP\RyDial.dll,QuickStart
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

**jgvernonco** · 10-03-2004, 10:26 AM

Howdy!

Download CWShredder and click on Fix (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures
below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure
that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click
Kill process for each one if they are still listed (they shouldn't be - but double check it):

ifmjet.exe
WIN86.EXE

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [ifmjet] C:\WINDOWS\ifmjet.exe
O4 - HKLM\..\Run: [howhvsvjt] C:\WINDOWS\system32\dvzbzsfd.exe
C:\WINDOWS\WIN86.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
O4 - HKLM\..\Run: [WinInit] Win86.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them)
and delete them if they exist:

C:\WINDOWS\ifmjet.exe
C:\WINDOWS\WIN86.EXE

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.

adeuk · 10-05-2004, 11:44 AM

Thanks for your reply, here is my new HijackThis log for checking.
Logfile of HijackThis v1.97.7
Scan saved at 18:37:53, on 05/10/04
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\TBRIDGE\FLATBED.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\RUNDLL32.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.net:8080;gopher=http://www-cache.freeserve.net:8080;http=http://www-cache.freeserve.net:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
F1 - win.ini: load=C:\TBridge\Flatbed.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [QTWFIX] RunDLL.exe setupx.dll,InstallHinfSection RunFix 132 c:\windows\INF\qtwfix.inf
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKLM\..\Run: [breathe] rundll32 C:\PROGRA~1\VISP\RyDial.dll,QuickStart
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

greyknight17 · 10-05-2004, 11:57 AM

You have an outdated version of HijackThis. Click here to get the latest version of HijackThis.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures
below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure
that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click
Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SpywareBegone - it’s rogueware and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them)
and delete them if they exist:

C:\SPYWAREBEGONE\

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.

To help prevent future spyware installations/infections, please read the anti-spyware section and use the tools provided.

10-03-2004, 05:47 AM	#1 (permalink)
adeuk Registered User Join Date: Oct 2004 Posts: 2 OS: Win95	Win86.exe problem Hi, I'm a newbie & not very computer minded so please be gentle with me! I've recently encountered a problem where every few seconds my connection manager pops up with the message 'The program "win86.exe" has requested access to the internet. Please 'connect' to dial. I've done a search & it seems to be linked to a spyware/adware problem but I'm not sure. I've run Spywarebegone & the online virus scan TrendMicro but the problem still exists. I've tried to run Ad-aware as advised but can't get it to run. Please could somebody tell me how to fix this problem. I would be very grateful. Thank you. Logfile of HijackThis v1.98.2 Scan saved at 11:36:58, on 03/10/04 Platform: Windows 95 B (Win9x 4.00.1212) MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\TBRIDGE\FLATBED.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\WINDOWS\WIN86.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\tapiexe.exe C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\XP3Y5G3I\HIJACKTHIS[1].EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve F1 - win.ini: load=C:\TBridge\Flatbed.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [Atikey] Atitask.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe O4 - HKLM\..\Run: [QTWFIX] RunDLL.exe setupx.dll,InstallHinfSection RunFix 132 c:\windows\INF\qtwfix.inf O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe" O4 - HKLM\..\Run: [breathe] rundll32 C:\PROGRA~1\VISP\RyDial.dll,QuickStart O4 - HKLM\..\Run: [WinInit] Win86.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

10-03-2004, 10:26 AM	#2 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,960 OS: Vista Home Premium, SP 27	Howdy! Download CWShredder and click on Fix (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here. Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it): ifmjet.exe WIN86.EXE Check and fix the following in HijackThis if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [ifmjet] C:\WINDOWS\ifmjet.exe O4 - HKLM\..\Run: [howhvsvjt] C:\WINDOWS\system32\dvzbzsfd.exe C:\WINDOWS\WIN86.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm O4 - HKLM\..\Run: [WinInit] Win86.exe Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\WINDOWS\ifmjet.exe C:\WINDOWS\WIN86.EXE Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

10-05-2004, 11:44 AM	#3 (permalink)
adeuk Registered User Join Date: Oct 2004 Posts: 2 OS: Win95	Updated HijackThis log Thanks for your reply, here is my new HijackThis log for checking. Logfile of HijackThis v1.97.7 Scan saved at 18:37:53, on 05/10/04 Platform: Windows 95 B (Win9x 4.00.1212) MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\TBRIDGE\FLATBED.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE C:\WINDOWS\RunDLL.exe C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\tapiexe.exe C:\WINDOWS\RUNDLL32.EXE C:\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.net:8080;gopher=http://www-cache.freeserve.net:8080;http=http://www-cache.freeserve.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm F1 - win.ini: load=C:\TBridge\Flatbed.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [Atikey] Atitask.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe O4 - HKLM\..\Run: [QTWFIX] RunDLL.exe setupx.dll,InstallHinfSection RunFix 132 c:\windows\INF\qtwfix.inf O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe" O4 - HKLM\..\Run: [breathe] rundll32 C:\PROGRA~1\VISP\RyDial.dll,QuickStart O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

10-05-2004, 11:57 AM	#4 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,327 OS: Windows 98 & Windows XP Home/Pro My System	You have an outdated version of HijackThis. Click here to get the latest version of HijackThis. Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it): C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: SpywareBegone - it’s rogueware and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. Check and fix the following in HijackThis if they still exist (make sure not to miss any): O4 - HKCU\..\Run: [Spyware Begone] C:\SPYWAREBEGONE\SPYWAREBEGONE.EXE -FastScan Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\SPYWAREBEGONE\ Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean. To help prevent future spyware installations/infections, please read the anti-spyware section and use the tools provided. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools