
HijackThis Log: Please help Diagnose


1 reply to this topic

#1 ticomaster


Posted 30 August 2005 - 03:55 PM

Logfile of HijackThis v1.99.1
Scan saved at 01:40:47 p.m., on 30/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\SOFTWARE\ANTIVIRUS\AVGCC.EXE
C:\SOFTWARE\ANTIVIRUS\AVGEMC.EXE
C:\SOFTWARE\ANTIVIRUS\AVGAMSVR.EXE
C:\ARCHIVOS DE PROGRAMA\A-DATA\USB FLASH DISK UTILITY\PLBKMON.EXE
C:\SOFTWARE\INTERNET\SPYBOT\TEATIMER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\LINKS\HIJACK\HIJACKTHIS.EXE
C:\ARCHIVOS DE PROGRAMA\ARES LITE EDITION\ARESLITE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...ie5update&O1=b1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.cr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ivanmadrigal.freestoreclub.com"); (C:\Archivos de programa\Netscape\Users\imadrigal\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\Internet\Spybot\SDHelper.dll
O2 - BHO: (no name) - {EBB47F0A-194A-11DA-A247-0007F8EF7206} - C:\WINDOWS\SYSTEM\FIBK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP CD-DVD] C:\Hardware\Cdwriter\Hpcdw\Umbrella\hpcdtray.exe
O4 - HKLM\..\Run: [PowerDVD] C:\SOFTWARE\MULTIMEDIA\POWERDVD\POWERDVD.EXE /autostart
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\Software\Norton AntiVirus\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\SOFTWARE\ANTIVI~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\SOFTWARE\ANTIVI~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\SOFTWARE\ANTIVI~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Archivos de programa\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSSVC] "C:\WINDOWS\SYSTEM\svcsys.exe" 8192
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Software\Internet\Spybot\TeaTimer.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\SOFTWARE\INTERNET\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\SOFTWARE\INTERNET\DOWNLOAD\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\SOFTWARE\INTERNET\DOWNLOAD\GETRIGHT\GRbrowse.htm
O12 - Plugin for .m3u: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Filter: text/html - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL
O18 - Filter: text/plain - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL
O19 - User stylesheet: (file missing)

--END--



#2 perculator


Posted 02 September 2005 - 10:57 AM

Hello and welcome to BleepingComputer.com

Download CleanUp!.
If that doesn’t work, use this link.
Don't run the program, we'll do that later.


*Download Killbox.
*Extract the program to your desktop, but do not run it yet


Start HijackThis and put a check next to the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...ie5update&O1=b1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {EBB47F0A-194A-11DA-A247-0007F8EF7206} - C:\WINDOWS\SYSTEM\FIBK.DLL

O4 - HKCU\..\Run: [MSSVC] "C:\WINDOWS\SYSTEM\svcsys.exe" 8192

O18 - Filter: text/html - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL

O18 - Filter: text/plain - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL

O19 - User stylesheet: (file missing)

Now click Fix checked and close HijackThis.


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, close the program. It might ask you to log out or restart, but don't do that yet. Click NO; we've got one more thing to do.


***
Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\SYSTEM\FIBK.DLL
C:\WINDOWS\SYSTEM\svcsys.exe

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

After the reboot

Make and post a fresh HijackThis log and tell me how your computer is running now.

Edited by perculator, 02 September 2005 - 10:58 AM.
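
The fix list and the two Killbox paths in the reply above line up entry by entry. The following is an added example, not part of the original thread and not a HijackThis feature: it parses log entries and reports any entry that still points at a file queued for deletion but is not on the fix list. The function names and regular expressions are assumptions for illustration; the sample lines are copied from this thread's log.

```python
import re
from collections import defaultdict

# Sample lines copied from this thread: entries the reply says to fix ...
FIX_LIST = r"""
O2 - BHO: (no name) - {EBB47F0A-194A-11DA-A247-0007F8EF7206} - C:\WINDOWS\SYSTEM\FIBK.DLL
O4 - HKCU\..\Run: [MSSVC] "C:\WINDOWS\SYSTEM\svcsys.exe" 8192
O18 - Filter: text/html - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL
O18 - Filter: text/plain - {EBB47F09-194A-11DA-A247-0007083DEC71} - C:\WINDOWS\SYSTEM\FIBK.DLL
"""
# ... and two entries from the same log that are not on the fix list.
KEPT = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\Internet\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""
LOG = KEPT + FIX_LIST
# The two paths the reply queues in Killbox.
DELETE = [r"C:\WINDOWS\SYSTEM\FIBK.DLL", r"C:\WINDOWS\SYSTEM\svcsys.exe"]

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")            # "O18 - Filter: ..."
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)

def parse(text):
    """Return (section, upper-cased file path or None, raw line) per entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            entries.append((m.group(1), p.group(0).upper() if p else None,
                            line.strip()))
    return entries

def load_points(entries):
    """Map each referenced file to the (section, raw line) pairs that load it."""
    refs = defaultdict(list)
    for section, path, raw in entries:
        if path:
            refs[path].append((section, raw))
    return refs

def leftover_references(log_text, fixed_lines, delete_paths):
    """Entries that point at a file queued for deletion but are not being fixed."""
    refs = load_points(parse(log_text))
    fixed = {line.strip() for line in fixed_lines}
    return [raw for path in delete_paths
            for _, raw in refs.get(path.upper(), []) if raw not in fixed]
```

An empty result from `leftover_references(LOG, FIX_LIST.splitlines(), DELETE)` means every load point for the deleted files is also being removed, so no startup entry, BHO or filter is left pointing at a missing file.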




