
Please Help me [CLOSED]



#1
herman22


    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:49:58 PM, on 4/8/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {100F5040-0FE2-11d3-8A81-00C04F529A5F} - (no file)
O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\vr9uh38e3n1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [C:\WINDOWS\SYSTEM\nvdsvc32.exe ] C:\WINDOWS\SYSTEM\nvdsvc32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\RunServices: [PPHIDPAD] C:\WINPENJR\WIN32\PPHIDPAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [ICQ Plus] C:\PROGRA~1\ICQPLUS\vplus.exe
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {2F09FE00-B790-11D1-8157-00A0C90DD90C} (MSNBC News Browser Control 2.3) - http://www.msnbc.com...load/nb0330.cab
O16 - DPF: Yahoo! MahJong - http://yog13.yahoo.com/yog/y/oi0_x.cab
O16 - DPF: {AABDAB84-5B60-11D1-A046-0000F803FC79} - http://fdl.msn.com/z...4/heartbeat.cab
O16 - DPF: Yahoo! Blackjack - http://yog6.yahoo.com/yog/y/jf0_x.cab
O16 - DPF: Yahoo! Hearts - http://yog5.yahoo.com/yog/y/hf0_x.cab
O16 - DPF: Yahoo! Chess - http://yog1.yahoo.com/yog/y/cf0_x.cab
O16 - DPF: Yahoo! Go - http://yog12.yahoo.com/yog/y/gd0_x.cab
O16 - DPF: Yahoo! Bridge - http://yog11.yahoo.com/yog/y/bd2_x.cab
O16 - DPF: Yahoo! Reversi - http://yog13.yahoo.com/yog/y/ri0_x.cab
O16 - DPF: Yahoo! Poker - http://yog10.yahoo.com/yog/y/pf0_x.cab
O16 - DPF: {E89366AF-2E44-11D1-91AE-006097D602F7} (FileAccess Control) - http://www3.briefcas...vex/vfile03.dll
O16 - DPF: Yahoo! Towers 2.0 - http://yog14.yahoo.c...og/y/ywi2_x.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ucsd.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = ucsd.edu,resnet.ucsd.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.54.16.2,137.110.0.26,132.239.1.52
O21 - SSODL: nBCIaKVDPY - {24481408-8EE2-BEA2-57F8-7E905BBA0CD6} - C:\WINDOWS\SYSTEM\TTJ.DLL



Done. But still same.

Logfile of HijackThis v1.99.1
Scan saved at 4:53:36 AM, on 4/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\IOMON98.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 6.0\WEBTRAP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [isystem] C:\WINDOWS\SYSTEM\isystem.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 6.0\IOMON98.EXE"
O4 - HKLM\..\RunServices: [PPHIDPAD] C:\WINPENJR\WIN32\PPHIDPAD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ldriver] C:\WINDOWS\SYSTEM\ldriver.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O15 - Trusted Zone: http://*.msn.com (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: Yahoo! Go - http://yog12.yahoo.com/yog/y/gd0_x.cab

Edited by herman22, 10 April 2005 - 05:54 AM.



#2
Daemon


    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We'll use some clean-up tools first - if you already have any of these and you are sure they are the latest version then just skip and move on to the next one.

Click here to download CWShredder v2.14 and run it, hit 'fix' as opposed to 'scan only'. Reboot when done.

Click here to download Spybot Search & Destroy v1.3 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?". Reboot when done.

Rescan with HJT and post a new log here so that any remnants can be removed manually.

Edited by Daemon, 09 April 2005 - 02:55 AM.


#3
Daemon


    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.