
Hijack this log: Please help diagnose


19 replies to this topic

#1 slay77

slay77

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 23 January 2005 - 12:01 AM

Logfile of HijackThis v1.99.0
Scan saved at 10:54:28 PM, on 1/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: (no name) - {D11074A1-653C-11D9-A1EC-00100350B3B4} - C:\WINDOWS\SYSTEM\BKCFF.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SAClient] "C:\PROGRAM FILES\INSIGHT\BBCLIENT\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KPF4] c:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER COMPANION\PSCOMP.EXE"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O18 - Filter: text/html - {85EB336C-6BA5-11D9-A1EC-001002362922} - C:\WINDOWS\SYSTEM\BKCFF.DLL
O18 - Filter: text/plain - {85EB336C-6BA5-11D9-A1EC-001002362922} - C:\WINDOWS\SYSTEM\BKCFF.DLL
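A first-pass triage of the log format shown above, as an added example that is not part of the original post or of HijackThis itself. It parses the `code - detail` entries and applies two reviewer heuristics that are assumptions of this example, not verdicts from the thread: an IE setting that resolves to a `res://` resource inside a TEMP directory, and a single module registered under more than one section. The sample is a constructed excerpt of lines taken from the log above.

```python
import re
from collections import defaultdict

# Constructed excerpt: seven entry lines copied from the log in this post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {D11074A1-653C-11D9-A1EC-00100350B3B4} - C:\WINDOWS\SYSTEM\BKCFF.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O18 - Filter: text/html - {85EB336C-6BA5-11D9-A1EC-001002362922} - C:\WINDOWS\SYSTEM\BKCFF.DLL
O18 - Filter: text/plain - {85EB336C-6BA5-11D9-A1EC-001002362922} - C:\WINDOWS\SYSTEM\BKCFF.DLL
"""

# An entry line is a section code (R0, O2, O18, ...) followed by " - detail".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-rooted path ending in a loadable module extension.
MODULE = re.compile(r'[A-Za-z]:\\[^/"]*?\.(?:dll|ocx|exe)\b', re.I)


def parse(log):
    """Return (code, detail) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return (rule, subject, section_codes) tuples worth a manual look."""
    sections = defaultdict(set)  # module path -> section codes that name it
    findings = []
    for code, detail in parse(log):
        low = detail.lower()
        for path in MODULE.findall(detail):
            sections[path.lower()].add(code)
        # Heuristic (assumption): IE setting served from a DLL under TEMP.
        if code.startswith("R") and "res://" in low and "\\temp\\" in low:
            findings.append(("ie-setting-res-in-temp", detail, (code,)))
    # Heuristic (assumption): same module registered in several sections.
    for path, codes in sections.items():
        if len(codes) > 1:
            findings.append(("module-in-multiple-sections", path,
                             tuple(sorted(codes))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
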


 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 23 January 2005 - 01:40 AM

Please follow these steps:

Step 1:

1. Click on Start, then Run and type msinfo32 and press the OK button.
2. Expand the Software Environment section.
3. Expand the System Hooks Section.
4. Look for the which may be listed as:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX.dll is the file name.

If you find that file, highlight it with your mouse and click on edit then copy to copy the filename.

Then post that filename with the information in the next step in a reply to this post.

5. Continue to Step 2.

Step 2:

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the unmark all button.

6. Then put checkmarks in the following checkboxes:

Under Registry put a checkmark in the Run Keys checkbox.

Under System/Drivers put a check in the Running Process checkbox.

7. Press the OK button.

8. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

9. Post a copy of the log as a reply to this post.

#3 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 23 January 2005 - 02:34 PM

After expanding the system hooks section, it says "There are no items to display in this category"

#4 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 23 January 2005 - 09:53 PM

Actually, there is no + sign next to the system hooks section, so it cannot be expanded. The message that I mentioned appears if I double-click on the actual words.

Any help would be much appreciated.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 23 January 2005 - 10:51 PM

Continue with the startdreck log

#6 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 24 January 2005 - 07:44 AM

You're gonna have to forgive my ignorance, but after downloading startdreck, it asks me what program I want to use to open it with. None of them seem to work. I tried saving it to a file, and I tried opening it from the current location, but I can't seem to get it open. Sorry, I'm not very good at this sort of thing. I also don't know how to extract files. I need help please. :thumbsup:

#7 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 24 January 2005 - 07:09 PM

Can someone help me please? I just wanted to make sure this thread wasn't forgotten. I realize there are a lot of people that need help, so just reply whenever you have time.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 24 January 2005 - 11:16 PM

You were not forgotten, just I was somewhat busy today.

To open it you will need a program called WinZip. Go to http://www.winzip.com and download the evaluation version. Install it once it is downloaded. Then double-click on startdreck and agree to use WinZip as an evaluation. Then extract the files to c:\startdreck and run it from there.

#9 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 25 January 2005 - 08:49 AM

After saving the startdreck log, I tried to open the file that it was saved to and got the following error message........

"Cannot find the file 'C:/unzipped/startdreck[1]/Startdreck.txt'(or one of its components). Make sure the path and filename are correct and that all required libraries are available."

Everything went OK until that.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 25 January 2005 - 09:19 AM

Run it again and save the log on your desktop so you can find it after. Then close all the programs and open the log saved on your desktop and paste its contents here

#11 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 25 January 2005 - 12:42 PM

It still isn't working. What do I have to type in the space provided when it asks me where to save it? Everything I type in just becomes the file name, not the location. Then it just goes into the same folder as the other one I can't open. I can't get it to save to my desktop.

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 25 January 2005 - 04:17 PM

It should have a filename field when you save it. Make the filename c:\log.txt

Then open c:\log.txt by double-clicking on it

#13 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 26 January 2005 - 07:41 AM

When I try to open it, it still gives me the same error message I mentioned earlier.
:thumbsup:

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:09 PM

Posted 26 January 2005 - 09:20 AM

I am not sure what's happening. Can you attach the log in your next reply? At the bottom of the new reply screen you will see a section that will allow you to attach a file.

#15 slay77

slay77
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 26 January 2005 - 07:37 PM

OK, I attached it below. Hope it works.

Attached Files

  • Attached File  log.txt   3.73KB   19 downloads
