Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack Log


  • Please log in to reply

#1
bsadams23

bsadams23

    New Member

  • Member
  • Pip
  • 1 posts
here is the hijack log: this is my cousin's comptuer and i keep it running well. ive run ad-adware and spybot S&D, but i wanted to submit this log to make double sure nothing was left on it. thanks


Logfile of HijackThis v1.98.2
Scan saved at 6:21:31 PM, on 9/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\STOP-THE-POP-UP DEMO\STOPTHEPOP.EXE" -minimized
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: WebConnect Pro 6.2.10 - https://secureconnec...ebConnectDU.cab
O16 - DPF: {10101010-1010-1111-1010-101010101011} - mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol hijack: mhtml -
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Hi bsadams23, welcome to GTG! <_<

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O16 - DPF: {10101010-1010-1111-1010-101010101011} - mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O18 - Protocol hijack: mhtml -

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\TV MEDIA\TVMBHO.DLL
C:\WINDOWS\SYSTEM\MSBE.DLL
C:\WINDOWS\SYSTEM\NVMS.DLL
C:\WINDOWS\SYSTEM\MSCB.DLL
C:\WINDOWS\LOCALNRD.DLL

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :D
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP