
Spyware And Adware- Can Someone Look At The Hijack This Logfile?



#1 Eliza26


Posted 21 December 2005 - 10:15 PM

The internet is running really slow (Windows 98). I downloaded Ad-Aware and there were about 2600 entries for spyware and adware. So I downloaded Spybot as well and it came up with more entries. Whenever I press Ctrl+Alt+Del it has some strange programs running on startup like In-svr, Devdetect. I'm sure that the computer must still have hidden things on there, could someone take a look at the Hijack-this logfile and tell me what I should delete?

Thanks so much....

Logfile of HijackThis v1.99.1
Scan saved at 12:55:04 PM, on 22/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPFW.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS[2]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=2326
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D41EC740-84BA-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\3DCR.DLL (file missing)
O2 - BHO: (no name) - {56DD5FA0-84C2-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\DPWSOSCKX.DLL (file missing)
O2 - BHO: (no name) - {1F36DD60-858A-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\MTMXDM.DLL (file missing)
O2 - BHO: (no name) - {D32E7480-8612-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\TXENROLL.DLL (file missing)
O2 - BHO: (no name) - {9F4666A0-8626-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\VDODREC32.DLL (file missing)
O2 - BHO: (no name) - {3E09F380-8643-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\QCUBT.DLL (file missing)
O2 - BHO: (no name) - {977FE540-86DF-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\SHEBLL32.DLL (file missing)
O2 - BHO: (no name) - {A7877440-86E3-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\DSKAPIE16.DLL (file missing)
O2 - BHO: (no name) - {7BA173A0-870E-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\SVROAPI.DLL (file missing)
O2 - BHO: (no name) - {D9B22BC0-87C1-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\RASAPDI32.DLL (file missing)
O2 - BHO: (no name) - {9BD592A0-87C2-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\YMSHTML.DLL (file missing)
O2 - BHO: (no name) - {816A5BA0-8897-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\SHJFOLDER.DLL (file missing)
O2 - BHO: (no name) - {45980D00-893E-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\LCLUSALGO.DLL (file missing)
O2 - BHO: (no name) - {283DFD00-8A1F-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ICMFYILTER.DLL (file missing)
O2 - BHO: (no name) - {F0304920-8B15-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\RICHTED20.DLL (file missing)
O2 - BHO: (no name) - {1DB70AE0-8C7F-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\INETCPBLC.DLL (file missing)
O2 - BHO: (no name) - {341D4440-8C82-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ESTIFER2.DLL (file missing)
O2 - BHO: (no name) - {86DD7C20-8C89-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\BRROWSELC.DLL (file missing)
O2 - BHO: (no name) - {A1AE2000-8D46-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\IEDKCSS32.DLL (file missing)
O2 - BHO: (no name) - {035ACBE0-8EB0-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\CVRT16.DLL (file missing)
O2 - BHO: (no name) - {886B91A0-9128-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ODBICTRAC.DLL (file missing)
O2 - BHO: (no name) - {25640180-9521-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\NTRDLL.DLL (file missing)
O2 - BHO: (no name) - {CC0A8DA0-9522-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\MSMIXOMGR.DLL (file missing)
O2 - BHO: (no name) - {FC76C3C0-9525-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\DDEXML.DLL (file missing)
O2 - BHO: (no name) - {FCD1CA20-9527-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\INFRTARED.DLL (file missing)
O2 - BHO: (no name) - {B9C9FEC0-9543-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\PIMM32.DLL (file missing)
O2 - BHO: (no name) - {8C319F60-9780-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\NVIPNST32.DLL (file missing)
O2 - BHO: (no name) - {766976A0-9931-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\PANMTAP.DLL (file missing)
O2 - BHO: (no name) - {BF8664A0-9932-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\EQMGRPRXY.DLL (file missing)
O2 - BHO: (no name) - {119BE4E0-99FB-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ODBCCSTF.DLL (file missing)
O2 - BHO: (no name) - {9CCA1060-9CED-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\OLESVWR32.DLL (file missing)
O2 - BHO: (no name) - {2C111680-A043-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\IR32S_32.DLL (file missing)
O2 - BHO: (no name) - {C694CD00-A0F2-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\COMMDLWG.DLL (file missing)
O2 - BHO: (no name) - {563E5BC0-A1A6-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\EDX3J.DLL (file missing)
O2 - BHO: (no name) - {1B8D1FE0-A1D1-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\SENDSMAIL.DLL (file missing)
O2 - BHO: (no name) - {4840B0E0-A660-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\PKPD3B2.DLL (file missing)
O2 - BHO: (no name) - {C65766E0-A679-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\OCRYPTEXT.DLL (file missing)
O2 - BHO: (no name) - {74D66380-A727-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ODFOX3F2.DLL (file missing)
O2 - BHO: (no name) - {77BCE300-A766-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\QMGDR.DLL (file missing)
O2 - BHO: (no name) - {0D35AD20-A8B8-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\FRNAPH.DLL (file missing)
O2 - BHO: (no name) - {DDE26580-AA7F-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\AMVICAP.DLL (file missing)
O2 - BHO: (no name) - {6E0DABA0-ACD9-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\PIPARSAE.DLL (file missing)
O2 - BHO: (no name) - {3C800320-ACDA-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\ODEXLE32.DLL (file missing)
O2 - BHO: (no name) - {84F69F00-ACDB-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\JANVACYPT.DLL (file missing)
O2 - BHO: (no name) - {84ED4EC0-AFD1-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\SYQSDETMG.DLL (file missing)
O2 - BHO: (no name) - {38BECC00-B7C8-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\MPSNSSPC.DLL (file missing)
O2 - BHO: (no name) - {83C0D0C0-BBC6-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\MSRECR4Y0.DLL (file missing)
O2 - BHO: (no name) - {60C27EA0-BC59-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\MSJINT4I0.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\PROGRAM FILES\2SEARCH\2SEARCH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-AU\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-au\msnappau.exe"
O4 - HKLM\..\Run: [IMprocess] C:\PROGRAM FILES\IM NAMES\IM-SVR.exe
O4 - HKLM\..\Run: [2Search] C:\PROGRAM FILES\2SEARCH\MAIN.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [gqCq5] C:\MPKMCXJ.EXE
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [YoqtRXdpU] CJSTP.EXE
O4 - HKCU\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [YoqtRXdpU] CJSTP.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\WINDOWS\TEMP\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au


#2 MFDnSC

    Ret. Director I/T



Posted 22 December 2005 - 09:36 PM

98 fixes are trouble as many programs are written for W2K/XP

Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on the cwshredder.exe then click "Fix"

Fix these with HJT – mark them, close IE, click fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=2326

Fix all of the O2 file missing entries

O4 - HKLM\..\Run: [IMprocess] C:\PROGRAM FILES\IM NAMES\IM-SVR.exe

O4 - HKLM\..\Run: [2Search] C:\PROGRAM FILES\2SEARCH\MAIN.EXE

O4 - HKLM\..\Run: [gqCq5] C:\MPKMCXJ.EXE

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKCU\..\Run: [YoqtRXdpU] CJSTP.EXE

O4 - HKCU\..\RunServices: [YoqtRXdpU] CJSTP.EXE

O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\WINDOWS\TEMP\~DlfnTmp0\imgSizer.ocx

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\PROGRAM FILES\IM NAMES
C:\PROGRAM FILES\2SEARCH
C:\MPKMCXJ.EXE
C:\Program Files\SurfAccuracy

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
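
An added example, not part of MFDnSC's post and not HijackThis code: a small Python triage pass over a HijackThis log that surfaces three of the entry kinds marked for fixing above (O2 BHOs whose DLL is missing, O4 autoruns that launch from the drive root, O16 controls installed from a local file). The three rules and the name `triage` are assumptions chosen for illustration; entries such as CJSTP.EXE or the changed start page still need a human reviewer.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D41EC740-84BA-11D8-8E20-444553540000} - C:\WINDOWS\SYSTEM\3DCR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [gqCq5] C:\MPKMCXJ.EXE
O4 - HKCU\..\Run: [YoqtRXdpU] CJSTP.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\WINDOWS\TEMP\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # "O4 - rest of the entry"
# Assumed rule: an autorun whose target sits directly in a drive root (C:\X.EXE).
ROOT_EXE = re.compile(r"\]\s*\"?[A-Za-z]:\\[^\\\s\"]+\.exe", re.I)

def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section == "O2" and body.endswith("(file missing)"):
            findings.append((section, "BHO registered but its DLL is absent", line))
        elif section == "O4" and ROOT_EXE.search(body):
            findings.append((section, "autorun executable in drive root", line))
        elif section == "O16" and " - file://" in body.lower():
            findings.append((section, "ActiveX control installed from a local file", line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The output is a review list, not a fix list: the legitimate Acrobat BHO, `scanregw.exe` and `SysTray.Exe` are left alone, and so is the bare-filename autorun `CJSTP.EXE`, which these path-based rules cannot tell apart from `SysTray.Exe`.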



