Geeks to Go Forums: Can't rid my computer of Trojan Horse Pakes [CLOSED] - Geeks to Go Forums


Can't rid my computer of Trojan Horse Pakes [CLOSED]

#1 User is offline   baronnep 

  • New Member
  • Pip
  • Group: Member
  • Posts: 4
  • Joined: 12-October 05
  • Operating System:Windows 98

Posted 15 October 2005 - 01:50 AM

Ran your Start Here steps, this helped a bit, but trojan still popping up. Also had a rundll come up at startup C:\windows\cfgmgr52.dll. This also was listed in startup, I unchecked but after reboot was checked again. Here's my log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:39:24 AM, on 10/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\RLVKNLG.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\AT&T GLOBAL NETWORK CLIENT\NETCLIENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/ebayISAPI.dll?MyeBay...yeBayAllSelling
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4D89FD2D-0ABB-BF3C-30E7-1ED12E920BF3} - C:\WINDOWS\Nymspnea.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\SYSTEM\HSIJYGK.DLL (file missing)
O2 - BHO: SDWin32 Class - {B2BB2960-CD23-11D9-A6E3-0080AD74888E} - C:\WINDOWS\SYSTEM\YZVTY.DLL (file missing)
O2 - BHO: (no name) - {5AFE26E4-85E8-155F-2095-56BBE8B72F2C} - C:\WINDOWS\Nymspnea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Search - {5A64AD8A-2A68-957A-1325-C3C464194F98} - C:\WINDOWS\Nymspnea.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
O4 - HKLM\..\Run: [ka7t5vbb] C:\WINDOWS\SYSTEM\ka7t5vbb.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\RLVKNLG.EXE -boot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pcwab.ab.motive.com/wizlet/atlantic...wActiveXCab.CAB
O16 - DPF: {8AB662FD-CFE0-4D68-96B8-128AFA3C68A6} (CPrtTmpControl Object) - http://eshare.hpphot...nload/setup.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphoto...ploadClient.cab
0

#2 User is offline   lovethepirk 

  • Visiting Staff
  • Group: Visiting Consultant
  • Posts: 528
  • Joined: 25-April 05
  • Operating System:Xp home, Kubuntu linux

Posted 17 October 2005 - 12:00 PM

Welcome to G2G forums. Sorry it has taken a while to get back to you but we are very busy currently.

Thanks for being so patient.

You need to save this response as a Notepad or Word document on your desktop for use later when we go into Safe Mode (no internet access).
I also suggest you print out this response for easy use as well :tazz:

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Please download QooFix9x and save it to your desktop. Do NOT run it yet.

Scan with HijackThis again and place a check next to these items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4D89FD2D-0ABB-BF3C-30E7-1ED12E920BF3} - C:\WINDOWS\Nymspnea.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\SYSTEM\HSIJYGK.DLL (file missing)
O2 - BHO: SDWin32 Class - {B2BB2960-CD23-11D9-A6E3-0080AD74888E} - C:\WINDOWS\SYSTEM\YZVTY.DLL (file missing)
O2 - BHO: (no name) - {5AFE26E4-85E8-155F-2095-56BBE8B72F2C} - C:\WINDOWS\Nymspnea.dll

O3 - Toolbar: Search - {5A64AD8A-2A68-957A-1325-C3C464194F98} - C:\WINDOWS\Nymspnea.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)

O4 - HKLM\..\Run: [ka7t5vbb] C:\WINDOWS\SYSTEM\ka7t5vbb.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\RLVKNLG.EXE -boot
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pcwab.ab.moti...wActiveXCab.CAB

Close all other windows except HijackThis, and hit Fix Checked

To make sure you can see all hidden files, please follow the directions here

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Navigate to the following files/folders and delete these:
C:\WINDOWS\SYSTEM\ka7t5vbb.exe
C:\WINDOWS\CFGMGR52.DLL
C:\WINDOWS\RLVKNLG.EXE
C:\Program Files\Common Files\mc-58-12-0000079-d.exe

Now please double-click QooFix9x.exe (you downloaded it earlier) and unzip it to the desktop. Open the QooFix9x folder on your desktop and run RunThis.bat. If you get a warning about running MS-DOS programs in Safe Mode, please just click OK to continue. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the QooFix9x folder.

Thanks,

Lovethepirk
0
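Added example, not part of the original posts and not code from HijackThis or QooFix9x: a small Python parser for the HijackThis entry format that groups the reply's fix-list entries by the file they load and compares them with the manual deletion list. The function names are made up for this sketch, and the inputs are copied from the reply above (a subset of the fix list).

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the reply above (subset).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {4D89FD2D-0ABB-BF3C-30E7-1ED12E920BF3} - C:\WINDOWS\Nymspnea.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\SYSTEM\HSIJYGK.DLL (file missing)
O2 - BHO: (no name) - {5AFE26E4-85E8-155F-2095-56BBE8B72F2C} - C:\WINDOWS\Nymspnea.dll
O3 - Toolbar: Search - {5A64AD8A-2A68-957A-1325-C3C464194F98} - C:\WINDOWS\Nymspnea.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [ka7t5vbb] C:\WINDOWS\SYSTEM\ka7t5vbb.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\RLVKNLG.EXE -boot
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
"""
# Files the reply says to delete by hand in Safe Mode.
DELETE_LIST = [
    r"C:\WINDOWS\SYSTEM\ka7t5vbb.exe",
    r"C:\WINDOWS\CFGMGR52.DLL",
    r"C:\WINDOWS\RLVKNLG.EXE",
    r"C:\Program Files\Common Files\mc-58-12-0000079-d.exe",
]
LINE = re.compile(r"^(R\d|O\d+) - ")  # section code, e.g. R3, O2, O4
PATH = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:exe|dll|ocx)(?![\w.])', re.I)

def parse(log):
    """Return (section, PATH-or-None, file_missing) per entry; paths are
    upper-cased because Win9x file names are case-insensitive."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        p = PATH.search(line)
        path = p.group(0).upper() if p else None
        missing = "(file missing)" in line or "(no file)" in line
        entries.append((m.group(1), path, missing))
    return entries

def hooks_by_file(entries):
    """Map each referenced file to the set of sections that load it."""
    hooks = defaultdict(set)
    for section, path, _ in entries:
        if path:
            hooks[path].add(section)
    return dict(hooks)

def not_hand_deleted(entries, delete_list):
    """Files the log shows on disk that are fixed but not in delete_list."""
    listed = {p.upper() for p in delete_list}
    return {p for _, p, gone in entries if p and not gone and p not in listed}

print(hooks_by_file(parse(FIX_LIST)))
print(not_hand_deleted(parse(FIX_LIST), DELETE_LIST))
```

Grouping by file shows one DLL registered under three separate browser extension points, which is why each of those entries has to be fixed and not just one.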

#3 User is offline   baronnep 

  • New Member
  • Pip
  • Group: Member
  • Posts: 4
  • Joined: 12-October 05
  • Operating System:Windows 98

Posted 25 October 2005 - 06:33 PM

0

#4 User is offline   baronnep 

  • New Member
  • Pip
  • Group: Member
  • Posts: 4
  • Joined: 12-October 05
  • Operating System:Windows 98

  Posted 25 October 2005 - 06:35 PM

Attached File(s)

  • Attached File  log.txt (430bytes)
    Number of downloads: 57

0

#5 User is offline   lovethepirk 

  • Visiting Staff
  • Group: Visiting Consultant
  • Posts: 528
  • Joined: 25-April 05
  • Operating System:Xp home, Kubuntu linux

Posted 25 October 2005 - 07:49 PM

Baronnep,

Could you please post a new HJT log for us to look at?

Please copy and paste it into this thread instead of attaching it :tazz:

Thanks,

Lovethepirk
0

#6 User is offline   lovethepirk 

  • Visiting Staff
  • Group: Visiting Consultant
  • Posts: 528
  • Joined: 25-April 05
  • Operating System:Xp home, Kubuntu linux

Posted 25 November 2005 - 07:59 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
0
