please check my hijack this log file


madmoon
12-25-2004, 12:45 PM
Hello to you all, I'm new here and I'm happy to be here.
It all started when I had a few problems with my computer. At first I couldn't drag icons on the desktop (like to the garbage can),
and then I could not open a second window in Explorer, you know, like if you right-click with the mouse and try to open in a new window... I get a blank page, without any writing whatsoever, not even in the address bar, not even "blank". So I ran McAfee, and it showed me the AANTX.DLL in windows/system.

And then I hit Google for some answers and got HijackThis with a tutorial for it.

Then I found this forum and saw another guy showing his log... Now I have a problem: I have that virus, but my log says nothing about it...

I submit my log to your wisdom... What do you suggest I do?

Logfile of HijackThis v1.99.0
Scan saved at 18:23:09, on 25/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MEDIASCAPE\AIRBOARD MANAGER\MEDIACTR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MEDIASCAPE\AIRBOARD MANAGER\AIRBOARD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\EMULE\EMULE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.833\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.walla.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.walla.co.il
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {F6890109-15D9-7BCD-A66A-F4AECA724F15} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: IEWorkaround Class - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\PROGRAM FILES\IE URL SPOOFING PATCH\IEWORKAROUND3.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Airboard Manager\MediaCtr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SuperRam] "C:\PROGRAM FILES\SUPERRAM\SUPERRAM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU/launcher.cab
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4416/mcfscan.cab

Thanks for your time and answers, sorry for the grammar and spelling mistakes (I'm not a native English speaker).
Hope to hear from you soon.

madm00n.

Budfred
12-25-2004, 11:44 PM
You have some problems there... Before anything else, please move HJT to a permanent folder... You are running it from a Temp folder and it is a good idea to clear Temp folders out when you have this kind of problem and that means it could be deleted...

Then please download and run CWShredder from either the link for it or for HJT in my links...

Then open HJT and check these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.hugesearch.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {F6890109-15D9-7BCD-A66A-F4AECA724F15} - (no file)

If you don't recognize these, it would be a good idea to mark these items as well:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.walla.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.walla.co.il

If you did not use Spybot or another protection program to set these, check them as well:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now close all open windows except HJT and click Fix Checked....

Reboot and post a fresh log...
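Added example (not part of the thread, and not HijackThis code): the checks Budfred applies by eye above, written out as a small Python triage over HijackThis 1.99 log lines. It flags R0/R1 entries whose URL points outside a list of hosts the user recognises, R0/R1 entries whose data has been emptied, R3 URLSearchHooks with no name or no backing file, O6 policy restrictions unless the user set them with Spybot, and O16 DPF (ActiveX) downloads from unrecognised hosts. The sample log is constructed from lines of the log posted above; the trusted-host set and the `user_set_policies` flag are assumptions for illustration, not anything HijackThis provides.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis 1.99 lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.walla.co.il/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.hugesearch.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.walla.co.il
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {F6890109-15D9-7BCD-A66A-F4AECA724F15} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4416/mcfscan.cab
"""

# Every HJT finding looks like "<section> - <body>", e.g. "R1 - HKCU\...,Default_Search_URL = http://..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Splits an R0/R1 body into the registry value and its data (the data may be empty).
KV_RE = re.compile(r"^(?P<key>[^=]*?)\s*=\s*(?P<data>.*)$")
URL_RE = re.compile(r"https?://\S+")


def hostname(text):
    """Return the host of the first http(s) URL in text, lower-cased, or '' if none."""
    m = URL_RE.search(text)
    return (urlparse(m.group(0)).hostname or "").lower() if m else ""


def is_trusted(host, trusted_hosts):
    """True if host is one of the trusted domains or a subdomain of one (suffix-safe)."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def triage(log_text, trusted_hosts, user_set_policies=False):
    """Return a list of {section, line, reason} dicts for entries worth fixing.

    trusted_hosts: domains the user knows they set (assumed input, e.g. their portal).
    user_set_policies: True when the O6 restrictions were put there by Spybot or similar.
    """
    trusted = {t.lower() for t in trusted_hosts}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        reason = None
        if section in ("R0", "R1"):
            kv = KV_RE.match(body)
            data = kv.group("data").strip() if kv else body
            if not data:
                reason = "IE start/search value has been emptied"
            else:
                host = hostname(data)
                if host and not is_trusted(host, trusted):
                    reason = f"IE start/search page points at unrecognised host {host}"
        elif section == "R3":
            # A search hook with no CLSID name and no file on disk is orphaned or hidden.
            if "(no name)" in body or "(no file)" in body:
                reason = "URLSearchHook with no name or no backing file"
        elif section == "O6":
            if not user_set_policies:
                reason = "IE policy restriction present and not set by the user"
        elif section == "O16":
            host = hostname(body)
            if host and not is_trusted(host, trusted):
                reason = f"ActiveX download (DPF) from unrecognised host {host}"
        # O2 is deliberately not scored: a no-name BHO can be legitimate (Spybot's SDHelper here).
        if reason:
            findings.append({"section": section, "line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, {"walla.co.il", "mcafee.com"}, user_set_policies=True):
        print(f"{f['section']}: {f['reason']}\n    {f['line']}")
```

With walla.co.il and mcafee.com trusted and the O6 policies attributed to Spybot, the three entries flagged are exactly the ones Budfred told the poster to check: the hugesearch.net search URL, the emptied Local Page, and the fileless URLSearchHook. The script only triages; removing an entry is still done in HijackThis with Fix Checked, and a host the user does not recognise is a question to ask, not a verdict.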

madmoon
12-26-2004, 12:33 PM
Thanks for the help.
I did as you said: I checked 4 rows; the others I knew, and I do use Spybot, so I didn't check them as well.

Then I rebooted and this is the new log:

Logfile of HijackThis v1.99.0
Scan saved at 18:25:17, on 26/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MEDIASCAPE\AIRBOARD MANAGER\MEDIACTR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MEDIASCAPE\AIRBOARD MANAGER\AIRBOARD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.walla.co.il
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.walla.co.il
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: IEWorkaround Class - {08442457-929D-4522-AE24-9D3E4664A0C1} - C:\PROGRAM FILES\IE URL SPOOFING PATCH\IEWORKAROUND3.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [KBD MediaCenter] C:\Program Files\Mediascape\Airboard Manager\MediaCtr.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SuperRam] "C:\PROGRAM FILES\SUPERRAM\SUPERRAM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU/launcher.cab
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4416/mcfscan.cab


I must tell you, I see no changes: still can't open a page in a new window (all I get is a blank page with no address), and still I can't drag items on my screen... Maybe the things we did are helping in the background, but how can I fix my problems?...

I await your reply patiently, thanks again,

madm00n.

Budfred
12-26-2004, 05:52 PM
It looks like your log is clean, so you need to move on to running a series of scans... I would start with Spybot since you have that already... Make sure you have version 1.3 or higher and that it has been updated...

Next download and run Ad-Aware SE... Again, make sure it is updated before running it...

Use the links in my signature to run at least one online virus scan... Housecall seems to be the better one at the moment...

If these don't work, there are a couple of other things we can do... Post back with a progress report so we can tell if more needs to be done...

madmoon
12-26-2004, 09:18 PM
Captain's log, stardate 2219763:

I've tried to fix up the problems in my win dir by myself.
Our engineers told me that deleting this specific file would be a snack... Boy, were they wrong... When I tried to enter my sys after reboot I found it wouldn't respond...

After 40 minutes of despair and on the edge of mental collapse, abandoned on some forsaken planet called unplugged reality, a friend of my brother came out of nowhere and rescued me... We managed to boot the CD-ROM and repair the Windows system all over... When I was finally online I remembered the words of the wise guru Budfred and realised it was sooo smart that I followed his instructions before the big crash... I now only have to run the series of minor checkups and I'm set for takeoff again... to explore the deep realms of the web... to surf where no man has surfed before...

The end.


P.S.

Thanks for all of your help, bro, all is working properly. The combination of your guidance and the total sys crash did the trick this time; can't really put my finger on what exactly did it, but all sys working properly.
As they say, what comes around goes around... Next time is on me...

madm00n.