I've been hijacked by TIBS and various spyware


oz615

Can anyone please help me get rid of the spyware/adware on my PC? I've tried Spybot and Ad-Aware, I've even tried removing it in safe mode, but every time I reboot it comes right back up, but here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 10:38:01 PM, on 3/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\WINDOWS\SYSTEM\CMD32.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\BO2OADER.EXE
C:\PROGRAM FILES\ADVANCED INTERNET ERASER\AIE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNOJHJS.EXE
C:\WINDOWS\APPLICATION DATA\NSAC.EXE
C:\WINDOWS\SYSTEM\MFCI2RC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\BOOTMINDER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\INTFFDSRONSAD.EXE
C:\WINDOWS\SYSTEM\US3432XZCB.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mensactivism.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.mensactivism.org/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9d2gywgv.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9d2gywgv.slt\prefs.js)
O2 - BHO: (no name) - {263BC1E9-2B03-29FC-28D4-2287EAF1E9C9} - C:\WINDOWS\SYSTEM\HMTNHMT.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {EB1789BE-959E-11D9-BAEC-00E07AA11867} - C:\WINDOWS\SYSTEM\BFLGC.DLL
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN8\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\WINDOWS\TEMP\MINIBUG.EXE 1
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKLM\..\Run: [skcdhth] c:\windows\system\skcdhth.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [qs8h36U] BO2OADER.EXE
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\SYSTEM\ap9h4qmo.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIE] C:\PROGRAM FILES\ADVANCED INTERNET ERASER\AIE.exe
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [Fuyjco] C:\WINDOWS\SYSTEM\rnojhjs.exe
O4 - HKCU\..\Run: [Acuu] C:\WINDOWS\Application Data\nsac.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [bBrnRWYnR] MFCI2RC.EXE
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Bootminder 2.lnk = C:\WINDOWS\bootminder.exe
O8 - Extra context menu item: &Anonymization - C:\WINDOWS\SYSTEM\sys32.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Anonymization.Net - {8B466019-1E6E-4552-A096-7C0A2876E50E} - C:\WINDOWS\SYSTEM\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {3BC7E100-9569-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BC7E100-9569-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D370F60-9592-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D370F60-9592-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E5A0060-9598-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E5A0060-9598-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O12 - Plugin for .cfm: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O18 - Filter: text/html - {799DE9A0-9598-11D9-BAEC-00E057F3CE01} - C:\WINDOWS\SYSTEM\BFLGC.DLL
O18 - Filter: text/plain - {799DE9A0-9598-11D9-BAEC-00E057F3CE01} - C:\WINDOWS\SYSTEM\BFLGC.DLL

Again, if anyone is there, please help me.