Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

School's PC


  • Please log in to reply

#1
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Logfile of HijackThis v1.97.7
Scan saved at 2:29:49 PM, on 11/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RGWXRB.EXE
C:\WINDOWS\WJVIEW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SALM.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\PROGRAM FILES\CASHBACK\BIN\CASHBACK.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://search.search...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.ieplugin.com/q.cgi?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://shinerisd.net...ate/proxy.rules
R3 - URLSearchHook: WebSearch Class -
{9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM
FILES\SE\V11\SE.DLL
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -
C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} -
C:\WINDOWS\SYSTB.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\APUC.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} -
C:\PROGRAM FILES\SE\V11\SE.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}
- C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -
C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} -
C:\WINDOWS\SYSTEM\MSCB.DLL
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM
FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Intelligent Explorer -
{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [fsiluiszctbj] C:\WINDOWS\SYSTEM\rgwxrb.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [salm] c:\windows\salm.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM
FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [nglafsh] C:\WINDOWS\nglafsh.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\PROGRAM FILES\ERRORGUARD\ERRORGUARD.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton
AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton
AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM
FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Event Reminder.lnk = C:\Program
Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk =
C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program
Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Web Savings - file://C:\Program
Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM
FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Ebates (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yaho...talls/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
- http://us.dl1.yimg.c...ymmapi_0727.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupd...7869.3895833333
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
http://download.abet...X19105/thin.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguar...ion/Install.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = shinerisd
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.18.2.8

<_< I QUIT MY JOB AT SCHOOL! :D
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
I don't see anything too unusual. Want me to tell you what to remove?

P.S. You're using HJT 1.97.7
  • 0

#3
Smokey

Smokey

    Member 1K

  • Topic Starter
  • Retired Staff
  • 1,423 posts
What do you mean by "too unusual"? These lines seem suspect to me:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://search.search...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.ieplugin.com/q.cgi?q=%s
R3 - URLSearchHook: WebSearch Class -
{9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM
FILES\SE\V11\SE.DLL
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} -
C:\WINDOWS\SYSTB.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\APUC.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} -
C:\PROGRAM FILES\SE\V11\SE.DLL
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B}
- C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -
C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} -
C:\WINDOWS\SYSTEM\MSCB.DLL
O4 - HKLM\..\Run: [fsiluiszctbj] C:\WINDOWS\SYSTEM\rgwxrb.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [salm] c:\windows\salm.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM
FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [nglafsh] C:\WINDOWS\nglafsh.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\PROGRAM FILES\ERRORGUARD\ERRORGUARD.Exe
O8 - Extra context menu item: Web Savings - file://C:\Program
Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAM
FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Ebates (HKCU)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
http://download.abet...X19105/thin.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguar...ion/Install.cab

Is there any special way to remove all these?
  • 0

#4
freek

freek

    Member

  • Member
  • PipPipPip
  • 167 posts
Alot of these can be deleted by just deleting the Folder in the "Program Files" directory. And for the other ones that aren't listed as "Programs", check the box beside them in HJT and click "Fix Checked" or something to that nature.
  • 0

#5
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
You've correctly identified all the entries that should be fixed! <_< That's what I meant when I said I saw nothing "unusual". You've fixed logs like this before.

Use Hijack This to fix, and delete the files identified in safe mode. If you'd like me to post my suggested fix, just ask. :D
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP