
HJT Log - Dominix - Friend Elite 98


2 replies to this topic

#1 Dominix


Posted 12 January 2005 - 01:05 PM

Logfile of HijackThis v1.99.0
Scan saved at 1:00:18 PM, on 1/12/05
Platform: Windows 98 SE (Win9x 4.10.1998A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WLAN\802.11 WIRELESS LAN\WLANMONITOR.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...=consumer&i=enu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O2 - BHO: SDWin32 Class - {7AABF0A0-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\SDPFJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {C2B12280-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\NWREM.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - Startup: Configuration & Monitor Utility.lnk = C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqonline.com/web/webupdates/qqRegister.ocx
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab

---

It is a Win98 machine that had systb.dll adware.ieplugin on it. I cleaned that with Symantec's fxplgn.exe. But it still gets popups with sites like Google that aren't supposed to get popups. Also it is connected to Roadrunner broadband and after a few minutes the connection bogs down till no page will load. Any help is much needed. Both Ad-Aware and Spybot show clean scans and it has all critical updates.


#2 Dominix


Posted 13 January 2005 - 12:12 AM

Here is a bit more info:
This computer is hooked to a wireless LAN. When this one's internet access bogs down it can still access the network shares and network printer. The other 2 machines have no trouble with the net connection. I switched wireless adapters around with no difference in activity.

Shortly after posting the first time, systb.dll came back. The only sites I've visited since removing it the first time are: google, cnn, boortz, townhall, sayanythingblog, bleepingcomputer, llic and bbandt.

This computer has AVG antivirus, Ad-Aware, Spybot S&D and SpyWareBlaster installed, up to date and running on it. It had Zone Alarm until I uninstalled it earlier (to make sure it wasn't cutting off internet access).

I also uninstalled IE6, rebooted and then re-installed IE6 to make sure it wasn't causing the trouble (it was having trouble with security certificates).

I've cleaned the temp folders and browsed through the drive for files and folders that I know don't belong.

#3 Grinler

    Lawrence Abrams


  • Admin

Posted 15 January 2005 - 05:03 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O2 - BHO: SDWin32 Class - {7AABF0A0-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\SDPFJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {C2B12280-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\NWREM.DLL
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqonline.com/web/webupdates/qqRegister.ocx

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\BTGRAB.DLL
C:\WINDOWS\SYSTEM\NWREM.DLL

Reboot your computer to go back to normal mode and post a new log.
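
A way to read the follow-up log once it is posted, as an added example that is not part of the original thread: it parses HijackThis entries, reports which entries from the fix list are still present, and lists entries that were not in the earlier log. The function names, matching on CLSID, and the follow-up log (with its placeholder CLSID and `EXAMPLE.DLL`) are assumptions constructed for illustration.

```python
import re

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per 'O2 - ...' style entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({"code": m.group("code"), "body": body,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "file_missing": body.endswith("(file missing)")})
    return entries

def entry_key(e):
    # Entries that carry a CLSID are matched on it, so a renamed DLL still matches.
    return (e["code"], e["clsid"] or e["body"].lower())

def still_present(fix_list, new_log):
    """Entries from the fix list that the follow-up log still contains."""
    wanted = {entry_key(e) for e in parse_entries(fix_list)}
    return [e for e in parse_entries(new_log) if entry_key(e) in wanted]

def newly_added(old_log, new_log):
    """Entries in the follow-up log that the earlier log did not have."""
    seen = {entry_key(e) for e in parse_entries(old_log)}
    return [e for e in parse_entries(new_log) if entry_key(e) not in seen]

# The four entries selected for fixing in the reply above.
FIX_LIST = r"""
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O2 - BHO: SDWin32 Class - {7AABF0A0-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\SDPFJ.DLL (file missing)
O2 - BHO: SDWin32 Class - {C2B12280-4FAF-11D9-9D64-000D2F014915} - C:\WINDOWS\SYSTEM\NWREM.DLL
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqonline.com/web/webupdates/qqRegister.ocx
"""
# Excerpt of the first log: the fix list plus one startup entry that was not selected.
OLD_LOG = FIX_LIST + r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe"
# Constructed follow-up log (not from the thread): one fixed entry survived, one is new.
NEW_LOG = r"""
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O2 - BHO: Example Class - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
print([e["body"] for e in still_present(FIX_LIST, NEW_LOG)])
```

An entry that survives the fix, or a new BHO that appears between two logs, is the signal that something is re-registering it at startup.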