Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT log for dave_gp


  • This topic is locked This topic is locked
2 replies to this topic

#1 dave_gp

dave_gp

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 15 August 2005 - 04:41 PM

//Mod edit: This log split away from thread here
http://www.bleepingcomputer.com/forums/htt...nexe-t5825.html


here is my logfile, i have the same problem


Logfile of HijackThis v1.99.1
Scan saved at 04:39:27 p.m., on 15/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\PCSUITE\DATALAYER\DATALAYER.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\NOKIA\TOOLS\NCLTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\PCSUITE\SERVICES\SERVICELAYER.EXE
C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\DAP\DAP.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\ymlp3psdiybf0e.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\ARCHIVOS DE PROGRAMA\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rund

ll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DataLayer] c:\Archivos de programa\Archivos comunes\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Archivos de programa\Archivos comunes\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "c:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: BlueSoleil.lnk = C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARCHIV~1\DAP\DAP.EXE
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

//Mod edit: Following updated log was received via PM

Logfile of HijackThis v1.99.1
Scan saved at 08:03:00 p.m., on 18/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\PCSUITE\DATALAYER\DATALAYER.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\NOKIA\TOOLS\NCLTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\PCSUITE\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\DAP\DAP.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\ymlp3psdiybf0e.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\ARCHIVOS DE PROGRAMA\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DataLayer] c:\Archivos de programa\Archivos comunes\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Archivos de programa\Archivos comunes\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "c:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: BlueSoleil.lnk = C:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARCHIV~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.com/G7/chm10.chm::/ieloader.exe

Edited by KoanYorel, 18 August 2005 - 08:17 PM.


BC AdBot (Login to Remove)

 


#2 Joshuacat

Joshuacat

    01001010 01000011


  • Members
  • 1,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:12:23 PM

Posted 18 August 2005 - 08:49 PM

Sorry for the delay, dave_gp.

After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

1. Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan <====save the scan log and add it to your reply

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.


2. Please download/install/configure/update with Spybot Search & Destroy and AdAware.

Follow all the instructions in the following tutorials(Hold off on doing the full scans. We will do these in safe mode.):

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


3. You need an AntiVirus Program or you will continue to get infected! Please pick between - AVG Anti-Virus Free Edition or Anti-Vir. An anti-virus program is a must have with any computer.

Download/Install/update the selected Anti-virus program as required and run a full scan.

Restart you computer.


4. Start in Safe Mode Using the F8 method:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.

If you are having problems, additional instructions on how to do this can be found here: How to start Windows in Safe mode.


5. Perform a full system scan in Ad-aware and Spybot.

Restart your computer.


6. You are using hijackthis from a temporary folder. Temporary folders are cleaned periodically and both the program and it's backups are in danger of being accidently deleted. Please move hijackthis to c:\hjt

Once it is moved, from c:\hjt, double-click on hijackthis.exe and when the window opens, put a checkmark in the box at the bottom that states Don't show this frame again when I start HijackThis.

Then click on the button labeled None of the above, just start the program. You will now be presented with the main HJT screen.
Press the Scan button and then when it is done, the Save Log button. Save this log in c:\hjt, and then copy and paste the contents of the notepad it opens as a reply to this post.

Along with a new HijackThis log, please include the scan log you saved with the Panda ActiveScan.
JC

#3 Joshuacat

Joshuacat

    01001010 01000011


  • Members
  • 1,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:12:23 PM

Posted 05 September 2005 - 02:44 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
JC




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users