Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

malware problems

Started by aga , Nov 16 2005 06:10 AM

  • Please log in to reply

#1
aga
Posted 16 November 2005 - 06:10 AM

aga

    New Member

  • Member
  • Pip
  • 1 posts
It seems I have some malware problem I can't solve: redirections, IE pop-ups... I have done all the scans suggested in the "start here" topic. Please Help!

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:16 PM, on 11/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\NMSSVC.EXE
C:\PROGRAMMI\COMPAQ\LCRMS\LCRMS.EXE
C:\WINDOWS\CPQALERT.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\WINDOWS\CPQDMI.EXE
C:\PROGRAMMI\COMPAQ\CPQWEBDMI\WEBDMI.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\Tools_95\Register\REMIND.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SMTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAMMI\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.EXE
C:\PROGRAMMI\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\DESKTOP\MAXTOR\5000_USB\MXOALDR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\CY_BG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE
C:\PROGRAMMI\PALM\HOTSYNC.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da VirgilioTin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe
O3 - Toolbar: &Virgilio Rapido - {844FC402-F06A-4A47-ACB9-45BDC9721BD1} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\VIRGILIOBANDS187.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - C:\PROGRAMMI\MYWAY\MYBAR\2.BIN\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [cpqek] C:\Programmi\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Programmi\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Programmi\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\DESKTOP\MAXTOR\5000_USB\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NMSSvc] C:\WINDOWS\SYSTEM\NMSSVC.EXE
O4 - HKLM\..\RunServices: [LCRMS] C:\PROGRAMMI\COMPAQ\LCRMS\LCRMS.EXE
O4 - HKLM\..\RunServices: [CPQALERT] CpqAlert.Exe
O4 - HKLM\..\RunServices: [Win32SL] c:\dmi\win32\bin\Win32sl.exe -i -p -r
O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
O4 - HKLM\..\RunServices: [CpqWebDmi] C:\Programmi\COMPAQ\CpqWebDMI\WebDmi.Exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\windows\SYSTEM\E_SRCV02.EXE
O4 - Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FLASHGET.EXE (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FLASHGET.EXE (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} (XView Class) - http://software.acti...SFViewerWeb.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...618/mcfscan.cab
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP