Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt - Georgep


  • This topic is locked This topic is locked
3 replies to this topic

#1 GEORGEP

GEORGEP

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 31 October 2005 - 11:28 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:51:41 PM, on 10/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\WINDOWS\SYSTEM\ICASSERV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSVCS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130813304\EE\SERVICES\ANTISPYWAREAPP\VER2_0_7\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130813304\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130813304\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1130813304\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - C:\SYSFWB\2523433727\IEFWBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {03EF22E1-4A25-11DA-A856-0010A86B39A6} - C:\WINDOWS\SYSTEM\GLHL.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\SYSTEM\ICASSERV.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130813304\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunOnce: [JetsonsDemise1] COMMAND.COM /c erase C:\WINDOWS\ALLUSE~1\APPLIC~1\AOL\CA_AME~1.0\ASP\AOLSETUP.EXE
O4 - HKLM\..\RunOnce: [JetsonsDemise2] COMMAND.COM /c erase C:\WINDOWS\ALLUSE~1\APPLIC~1\AOL\CA_AME~1.0\ASP\MAIN.INI
O4 - HKLM\..\RunOnce: [JetsonsDemise3] COMMAND.COM /c erase C:\WINDOWS\TEMP\~J20E4.TMP
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\Shared\QFinder7\QFINDER.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk514BAUS
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\IMVU\Run IMVU.lnk
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumb...e-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.34/spid...r-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flin...r-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.3.4.64/cana...a-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/mlsl...s-ob-assets.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/Me...bridge-c420.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turb...1-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.0.34/swee...h-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.3.3.38/popp...2-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.4.49/sque...s-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/peng...s-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/crib...e-ob-assets.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {03EF22E0-4A25-11DA-A856-0010C7279C3D} - C:\WINDOWS\SYSTEM\GLHL.DLL
O18 - Filter: text/plain - {03EF22E0-4A25-11DA-A856-0010C7279C3D} - C:\WINDOWS\SYSTEM\GLHL.DLL
O21 - SSODL: BXEvWzbgIPlD - {392A19E6-9380-B34C-FB81-0AAC662B0FC5} - C:\WINDOWS\SYSTEM\FWG.DLL

BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:47 AM

Posted 01 November 2005 - 06:38 PM

Welcome to Bleeping! :thumbsup:

Please do both of the following before we start if possible!:

1) Please print off these intructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was

*Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe

* Download 'SpSeHjfix'. to the desktop and then
right click a blank part of desktop & select new folder, call it spfix and unzip the file into that folder

*Download about:Buster from:
http://www.majorgeeks.com/download4289.html
Double click aboutbuster.exe, click Update, click OK
DO NOT RUN IT YET!

*Close ALL OPEN PROGRAMS.

*Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

* Now run the Shredder - Hit The FIX button!

* Now run about buster, click start, then exit when finished.

* Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

David

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:47 AM

Posted 06 November 2005 - 07:07 AM

Hi there :thumbsup:

Whilst we appreciate you may be busy, we haven't heard from you for a while. You haven't answered the reply i have posted.

This message is just a bump, to remind you that i am helping you - if no answer is given in a few more days, the topic will be closed.

Thanks very much for understanding

David

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:47 AM

Posted 09 November 2005 - 01:19 PM

Due to the lack of feedback, I will close this thread. :thumbsup:

If you want to thread to be re-opened at any point, please PM me or any other staff with a link to it!

If anyone else is reading this with a similar problem that you would like help with, please post it in a new thread in the security section!

:flowers: David :trumpet:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users