Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Have backdoor virus and posted my Hijack this log


  • Please log in to reply

#1
emmauncas

emmauncas

    New Member

  • Member
  • Pip
  • 1 posts
Hello.
This is my first time here and this is a great resource! Thank you to all who do this.
I read the steps and have done everything required that I could do with a Win 98 system. But...I think I'm still infected. My screen does a lot of blinking and goes very slow.
Thank you in advance. I will happily make a donation in exchange for some help.

Logfile of HijackThis v1.99.1
Scan saved at 5:14:44 PM, on 5/12/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\IJ75P2PS.EXE
C:\WINDOWS\LOADQM.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\OPWARE32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\opware16.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\EREG\REMIND32.EXE
C:\AMERICA ONLINE 4.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\TOOLS\HIJACKTHIS\HIJACKTHIS.EXE
C:\COMPAQ\CPQINET\CPQNPCSS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...e...0409&c=1c00
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MSN
F1 - win.ini: run=hpfsched
O2 - BHO: QPHlprObj Class - {EFD440C0-0943-11d3-9D65-00A0CC22CBC4} - C:\WINDOWS\QPHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [IJ75P2PSERVER] IJ75P2PS.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] c:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&lc=0409 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL




Uninstall List
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements
America Online
ArcSoft PhotoBase
Built-In Technician
Canon PhotoRecord
Canon ScanGear Toolbox 3.1
Carbon Copy 32
CeQuadrat just!burn
CeQuadrat PacketCD
CheckIt Diagnostics
Compaq Desktop100 Screen Saver
Compaq Diagnostics for Windows
Compaq Hardware Discovery
Compaq IE Custom
Compaq IE5 Customization
Compaq IJ300 Electronic Registration
Compaq OOBE Online
Compaq Quick Print
Compaq Quick Print 2-Up
Compaq WebISP
Compaq WebReg
Compaq Wizard Host Online
Compaq.NET Registration
CPQ Hardware Discovery
Easy Access Button Support
Eudora
HijackThis 1.99.1
Hijackthis 1.99.1
HP DeskJet 880C Series (Remove only)
HSP56 MicroModem Drivers
Internet Explorer Q916281
Kaspersky Online Scanner
KODAK DC3200
LivePresence
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft Connection Manager
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia 2000
Microsoft Excel 2000
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft VGX Q833989
Microsoft Word 2000
Microsoft Works 2000
Moraff's MomJongg 1.00
MouseWare
MSN Internet Access 5.6
MSN Messenger 4.5
Napster v2.0 BETA 9
Netscape SmartDownload 1.5
NetWaiting
Network Play System (Patching)
Norton SystemWorks 2005 Premier (Symantec Corporation)
OmniPage Pro 9.0
On-Screen Display
PerformanceTest v5.0
RioPort Audio Manager
Scan Manager 5.2
Security Update for Windows 98 (KB913433)
Service Connection
Shockwave
SUPERAntiSpyware Free Edition
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 KB908519 Update
Windows 98 KB918547 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows 98 Second Edition Digital Video Update
Zoom V.92 PCI Voice Faxmodem
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP