Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE Hijacked[RESOLVED]

Started by Foxy1983 , May 07 2005 03:53 PM

  • This topic is locked This topic is locked

#1
Foxy1983
Posted 07 May 2005 - 03:53 PM

Foxy1983

    New Member

  • Member
  • Pip
  • 4 posts
Please please please help me. IE has been hijacked, and comes up as 'about:blank' in the address bar, but the page is called 'search for..', full of pop-ups etc, whenever I do anything. I've tried deleting keys in the registry whch may have caused it, run Ad-Aware, Spybot, Spyware Blaster, AVG, Start page guard, Hijack this etc, but nothing has worked. I've run out of ideas. Also run msconfig to disable items in start up,

Heres my log, does anyone have ideas?

Logfile of HijackThis v1.99.1
Scan saved at 22:50:12, on 07/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {DA233AC7-BF49-11D9-9250-000DF9F3AC50} - C:\WINDOWS\SYSTEM\JHFJ.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://81.26.113.246...in/h263ctrl.cab
O18 - Filter: text/html - {DA233AC6-BF49-11D9-9250-000D96BF09CB} - C:\WINDOWS\SYSTEM\JHFJ.DLL
O18 - Filter: text/plain - {DA233AC6-BF49-11D9-9250-000D96BF09CB} - C:\WINDOWS\SYSTEM\JHFJ.DLL
  • 0

Advertisements

#2
don77
Posted 07 May 2005 - 04:11 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome Foxy1983

Download SpSeHjfix into a folder. Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
  • 0

#3
Foxy1983
Posted 07 May 2005 - 04:26 PM

Foxy1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the quick reply, my start page appears to be set back to google as i have it usually, but heres what you asked for:



Hijack this log::

Logfile of HijackThis v1.99.1
Scan saved at 23:26:23, on 07/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {769985AB-BF4D-11D9-9250-000DC73C89AE} - C:\WINDOWS\SYSTEM\JHFJ.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Filter: text/html - {769985AA-BF4D-11D9-9250-000DA8702C35} - C:\WINDOWS\SYSTEM\JHFJ.DLL
O18 - Filter: text/plain - {769985AA-BF4D-11D9-9250-000DA8702C35} - C:\WINDOWS\SYSTEM\JHFJ.DLL

__________________________________________________
SPSeHjFix log:


(5/7/05 23:18:36) SPSeHjFix started v1.1.2
(5/7/05 23:18:36) OS: Win98SE A (4.10.2222)
(5/7/05 23:18:36) Language: english
(5/7/05 23:18:36) Win-Path: C:\WINDOWS
(5/7/05 23:18:36) System-Path: C:\WINDOWS\SYSTEM
(5/7/05 23:18:36) Temp-Path: C:\WINDOWS\TEMP\
(5/7/05 23:18:39) Disinfection started
(5/7/05 23:18:39) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/7/05 23:18:39) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\JHFJ.DLL
(5/7/05 23:18:39) Searchassistant Uninstaller - Keys Deleted
(5/7/05 23:18:39) UBF: 6 - UBB: 2 - UBR: 3
(5/7/05 23:18:39) FilterKey: HKCR\text/html (deleted)
(5/7/05 23:18:39) FilterKey: HKCR\CLSID\{DA233AC9-BF49-11D9-9250-000DE7209DB9} (deleted)
(5/7/05 23:18:39) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/7/05 23:18:39) FilterKey: HKCR\text/plain (deleted)
(5/7/05 23:18:39) FilterKey: HKCR\CLSID\{DA233AC9-BF49-11D9-9250-000DE7209DB9} (error while deleting)
(5/7/05 23:18:39) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/7/05 23:18:39) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA233ACA-BF49-11D9-9250-000D17F203CE} (deleted)
(5/7/05 23:18:39) BHO-Key: HKCR\CLSID\{DA233ACA-BF49-11D9-9250-000D17F203CE} (deleted)
(5/7/05 23:18:39) UBF: 4 - UBB: 1 - UBR: 3
(5/7/05 23:18:39) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/7/05 23:18:39) Stealth-String found: C:\WINDOWS\DEFAURT.SFC
(5/7/05 23:18:39) File added to delete: c:\windows\system\jhfj.dll
(5/7/05 23:18:39) File added to delete: c:\windows\defaurt.sfc
(5/7/05 23:18:39) Reboot
(5/7/05 23:20:24) SPSeHjFix 2nd Step
(5/7/05 23:20:24) Stealth-String not present. Disinfection succesfully
(5/7/05 23:20:29) Cleaned


(5/7/05 23:20:37) SPSeHjFix started v1.1.2
(5/7/05 23:20:37) OS: Win98SE A (4.10.2222)
(5/7/05 23:20:37) Language: english
(5/7/05 23:20:37) Win-Path: C:\WINDOWS
(5/7/05 23:20:37) System-Path: C:\WINDOWS\SYSTEM
(5/7/05 23:20:37) Temp-Path: C:\WINDOWS\TEMP\
(5/7/05 23:20:40) Disinfection started
(5/7/05 23:20:40) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/7/05 23:20:40) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\JHFJ.DLL
(5/7/05 23:20:40) Searchassistant Uninstaller - Keys Deleted
(5/7/05 23:20:40) UBF: 6 - UBB: 3 - UBR: 4
(5/7/05 23:20:40) FilterKey: HKCR\text/html (deleted)
(5/7/05 23:20:40) FilterKey: HKCR\CLSID\{7CA7D0A3-BF4D-11D9-9250-000D4A037842} (deleted)
(5/7/05 23:20:40) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/7/05 23:20:40) FilterKey: HKCR\text/plain (deleted)
(5/7/05 23:20:40) FilterKey: HKCR\CLSID\{7CA7D0A3-BF4D-11D9-9250-000D4A037842} (error while deleting)
(5/7/05 23:20:40) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/7/05 23:20:40) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CA7D0A4-BF4D-11D9-9250-000DC5EAE036} (deleted)
(5/7/05 23:20:40) BHO-Key: HKCR\CLSID\{7CA7D0A4-BF4D-11D9-9250-000DC5EAE036} (deleted)
(5/7/05 23:20:40) UBF: 4 - UBB: 2 - UBR: 4
(5/7/05 23:20:40) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/7/05 23:20:40) Stealth-String found: C:\WINDOWS\DEFAURT.SFC
(5/7/05 23:20:40) File added to delete: c:\windows\system\jhfj.dll
(5/7/05 23:20:40) File added to delete: c:\windows\defaurt.sfc
(5/7/05 23:20:40) Reboot
(5/7/05 23:20:41) Disinfection started
(5/7/05 23:20:41) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/7/05 23:20:41) UBF: 4 - UBB: 2 - UBR: 4
(5/7/05 23:20:41) UBF: 4 - UBB: 2 - UBR: 4
(5/7/05 23:20:41) Bad IE-pages: (none)
(5/7/05 23:20:41) Stealth-String found: C:\WINDOWS\DEFAURT.SFC
(5/7/05 23:20:41) File added to delete: c:\windows\system\jhfj.dll
(5/7/05 23:20:41) File added to delete: c:\windows\defaurt.sfc
(5/7/05 23:20:41) Reboot
(5/7/05 23:22:55) SPSeHjFix 2nd Step
(5/7/05 23:22:55) Stealth-String not present. Disinfection succesfully
(5/7/05 23:22:58) Cleaned


(5/7/05 23:23:00) SPSeHjFix started v1.1.2
(5/7/05 23:23:00) OS: Win98SE A (4.10.2222)
(5/7/05 23:23:00) Language: english
(5/7/05 23:23:00) Win-Path: C:\WINDOWS
(5/7/05 23:23:00) System-Path: C:\WINDOWS\SYSTEM
(5/7/05 23:23:00) Temp-Path: C:\WINDOWS\TEMP\
(5/7/05 23:23:01) Disinfection started
(5/7/05 23:23:01) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/7/05 23:23:01) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\JHFJ.DLL
(5/7/05 23:23:01) Searchassistant Uninstaller - Keys Deleted
(5/7/05 23:23:01) UBF: 6 - UBB: 3 - UBR: 4
(5/7/05 23:23:01) FilterKey: HKCR\text/html (deleted)
(5/7/05 23:23:01) FilterKey: HKCR\CLSID\{769985A7-BF4D-11D9-9250-000D467183AB} (deleted)
(5/7/05 23:23:01) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/7/05 23:23:01) FilterKey: HKCR\text/plain (deleted)
(5/7/05 23:23:01) FilterKey: HKCR\CLSID\{769985A7-BF4D-11D9-9250-000D467183AB} (error while deleting)
(5/7/05 23:23:01) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/7/05 23:23:01) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769985A8-BF4D-11D9-9250-000D37EE17D9} (deleted)
(5/7/05 23:23:01) BHO-Key: HKCR\CLSID\{769985A8-BF4D-11D9-9250-000D37EE17D9} (deleted)
(5/7/05 23:23:01) UBF: 4 - UBB: 2 - UBR: 4
(5/7/05 23:23:01) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/7/05 23:23:01) Stealth-String found: C:\WINDOWS\DEFAURT.SFC
(5/7/05 23:23:01) File added to delete: c:\windows\system\jhfj.dll
(5/7/05 23:23:01) File added to delete: c:\windows\defaurt.sfc
(5/7/05 23:23:01) Reboot
(5/7/05 23:24:01) SPSeHjFix 2nd Step
(5/7/05 23:24:02) Stealth-String not present. Disinfection succesfully
(5/7/05 23:24:06) Cleaned
  • 0

#4
don77
Posted 07 May 2005 - 04:34 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good deal looks to have cleaned most of it up, Couple more things to do here,
  • Download and install Cleanup
  • Dowload the following program
    CWShredder
    It should be the current version, but check for updates
    “Don’t run it yet”
  • Please download and install Ad-aware.
    Setting up Ad-aware- please make sure you update it first



  • Next,. Reboot into SAFE MODE
    Please restart HJT put a check next to the following if they still exist, close all open windows and click “fix.checked”
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {769985AB-BF4D-11D9-9250-000DC73C89AE} - C:\WINDOWS\SYSTEM\JHFJ.DLL (file missing)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O18 - Filter: text/html - {769985AA-BF4D-11D9-9250-000DA8702C35} - C:\WINDOWS\SYSTEM\JHFJ.DLL
    O18 - Filter: text/plain - {769985AA-BF4D-11D9-9250-000DA8702C35} - C:\WINDOWS\SYSTEM\JHFJ.DLL

    make sure you can view all View all Hidden Files/Folders search for and delete the following in BOLD if still present

    C:\WINDOWS\SYSTEM\JHFJ.DLL

  • While still in safe mode
    Run Program cwshredder and have it fix anything it finds.
    Make sure you click the “Fix” button


  • Open Cleanup! Click on clean up now and let it run,
    When it has finished click NO to reboot now.

  • Scan with AdAware have it remove what it finds
  • Restart your computer, Post back a fresh log please

  • 0

#5
Foxy1983
Posted 07 May 2005 - 04:55 PM

Foxy1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
AD AWARE LOG:

Ad-Aware SE Build 1.05
Logfile Created on:07 May 2005 23:51:07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07-05-05 23:51:07 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\kazaa\search
Description : list of recent searches performed with sharman networks kazaa


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291785635
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921171
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294948003
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294936087
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294937683
Threads : 18
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:6 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294743707
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:7 [AVGEMC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294736627
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:8 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294801011
Threads : 22
Priority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:9 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294052235
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:10 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294175563
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:11 [IEXPLORE.EXE]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4293927383
Threads : 19
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

23:54:11 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:04.0
Objects scanned:71172
Objects identified:0
Objects ignored:0
New critical objects:0

________________________________________________
HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 23:56:20, on 07/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#6
don77
Posted 07 May 2005 - 05:56 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Nice job your log is clean !
How is it running ?
Please use the following suggestion to help prevent reinfection

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remeber to Check Windows for updates
  • 0

#7
Foxy1983
Posted 07 May 2005 - 06:11 PM

Foxy1983

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the help don77, Im not experiencing any of the problems I was when I initially posted on the forum, I'm really really impressed and very very grateful!! :tazz:

Edited by Foxy1983, 07 May 2005 - 06:11 PM.

  • 0

#8
don77
Posted 07 May 2005 - 06:17 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
your very welcome glad I could help !
  • 0

#9
don77
Posted 07 May 2005 - 06:25 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP