Wilders Security Forums  

Go Back   Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning
Reload this Page My Hijack this Log, Please help!!
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
 
 
Thread Tools Search this Thread
  #1  
Old May 29th, 2004, 11:25 PM
onesikgypo onesikgypo is offline
Infrequent Poster
  
Join Date: May 2004
Posts: 4
Default My Hijack this Log, Please help!!
hey ive got the coolwebsearch worm on my computer and i saw in another forum that i should post my hijackthis log AFTER i used spybot S&D as well as adaware to find out the problems, i really hope u guys can fix my problem, im startin to get really annoyed....Thanx in advance...by the way, i have used the cws sheredder

My log:

Logfile of HijackThis v1.97.7
Scan saved at 1:25:04 PM, on 5/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MATT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {5D16B655-A77F-5B37-A322-51AF0138BD9F} - C:\PROGRAM FILES\GRAM AIM DEFAULT\FIND MAPI.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [sysmon] C:\WINDOWS\SYSTEM\sysmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Shortcut to haha got u first.lnk = C:\WINDOWS\SYSTEM32\haha got u first.txt
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Last edited by onesikgypo : May 29th, 2004 at 11:29 PM. Reason: i used cws right after i posted this, and it fixed some errors, so heres the new log
  #2  
Old May 30th, 2004, 03:21 AM
dvk01's Avatar
dvk01 dvk01 is offline
Global Moderator
  
Join Date: Oct 2003
Location: Loughton, Essex. UK
Posts: 3,129
Default Re: My Hijack this Log, Please help!!
Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5D16B655-A77F-5B37-A322-51AF0138BD9F} - C:\PROGRAM FILES\GRAM AIM DEFAULT\FIND MAPI.DLL (file missing)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - Startup: Shortcut to haha got u first.lnk = C:\WINDOWS\SYSTEM32\haha got u first.txt
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Delete these files
C:\WINDOWS\SYSTEM32\haha got u first.txt

and Delete these folders

C:\PROGRAM FILES\GRAM AIM DEFAULT
C:\PROGRAM FILES\MP3OOZ~1\<<<<< the folder containing >>>>>>>Dart idle load.exe

then go to C:\windows\Temp and select everything in that folder and delete it, except temporary internet files, cookies and history folders

then

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then
Reboot normally &

then follow this advice
To cure the about:blank CWS hijacker if you are using Windows 98 or ME

First download the following Tools :

Win98Fix from http://www10.brinkster.com/expl0iter...ast/pvtool.htm
StartDreck from http://members.blackbox.net/hp_links...startdreck.htm

unzip them & put them in a folder on the desktop where you can get to them easily

then you need to identify the hidden bad file that is causing the problem, so

DoubleClick: 'StartDreck.exe'
Hit: config
hit: Unmark all
Check these boxes only:
Registry->run keys
System/drivers> Running processes
hit >ok.

Check specifically for this entry in the log :

»Local Machine
»RunServicesOnce
**ozkc=rundll32 C:\WINDOWS\SYSTEM\XXXXX.DLL,StreamingDeviceSetup

Any problems post the log file it makes and we'll identify the file for you

After identifying the dll, proceed with :
open the "Win98Fix. folder that you earlier unzipped &

-DoubleClick on: 'RunFix.reg' file, hit 'yes'
on the prompt!
-Restart computer!
-File should be visible!
-Do 'find files' for dll listed on log, delete.
*Note: Be sure to Save the StartDreck log before, so
you you'd be able to find the file later!
If lost (Since nothing else will find it when not hooked)
Simply run the included: "who.bat", file
will be found & listed
in "Badfile.txt".

It should be located in C:\WINDOWS\SYSTEM\XXXXX.dll

then run cwshredder again and an updated adaware
  #3  
Old May 30th, 2004, 05:31 AM
onesikgypo onesikgypo is offline
Infrequent Poster
  
Join Date: May 2004
Posts: 4
Default Re: My Hijack this Log, Please help!!
hey i wanna firstly say thanx man, i really appreciate it, hopefully there are no more probs:

My Hijackthis Log:

Logfile of HijackThis v1.97.7
Scan saved at 7:25:02 PM, on 5/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MATT\HIJACKTHIS.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [sysmon] C:\WINDOWS\SYSTEM\sysmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab


Now i didnt no if u needed this or not but here it is

StartDreck log:

StartDreck (build 2.1.5 public BETA) - 2004-05-30 @ 19:27:23
Platform: Windows 98 SE (Win 4.10.2222 A)

»Registry
»Run Keys
»Current User
»Run
*Host=
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Default User
»Run
*Host=
*msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
»RunOnce
»Local Machine
»Run
*ScanRegistry=c:\windows\scanregw.exe /autorun
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Just Say Aptiva From Gdrive=C:\APTADV\JUSTSAY.EXE -auto
*Mouse Suite 98 Daemon=PELMICED.EXE
*ZIBMACC=c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
*BigPondCable="C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
*LoadQM=loadqm.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*AEZBProc=c:\ibmtools\aptezbtn\aptezbp.exe
*Norton Auto-Protect=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
*Installed=1
*Installed=1
*NoChange=1
*Installed=1
»RunOnce
*SpybotSnD="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*sysmon=C:\WINDOWS\SYSTEM\sysmon.exe
*SchedulingAgent=mstask.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
*FF0FD74F=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF80E3=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF9793=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFFB72B=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFE0593=C:\WINDOWS\SYSTEM\SYSMON.EXE
*FFFE15FF=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFE87DB=C:\WINDOWS\EXPLORER.EXE
*FFFD551B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFD255F=C:\WINDOWS\SYSTEM\PELMICED.EXE
*FFFD3EC3=C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
*FFFD3DEF=C:\WINDOWS\LOADQM.EXE
*FFFD831B=C:\WINDOWS\SYSTEM\STIMON.EXE
*FFFD8163=C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
*FFFC4127=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*FFFCC3E7=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
*FFFBE1AF=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*FFFA6F37=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
»Application specific



thanx 4 ur help again, i jus have 1 more query though, for some reason (recently) when im opening programs my computer has been very slow, this is also happenin jus in general with the use of the computer, do u have any suggestions
  #4  
Old May 30th, 2004, 09:03 AM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,727
Default Re: My Hijack this Log, Please help!!
Have HijackThis fix:
O4 - HKLM\..\RunServices: [sysmon] C:\WINDOWS\SYSTEM\sysmon.exe

Then reboot and surf to:
http://www.kaspersky.com/remoteviruschk.html
and upload C:\WINDOWS\SYSTEM\sysmon.exe

Let us know the results. At first I thought it was
http://securityresponse.symantec.com...izex.worm.html
But your Norton should have recognized that (if updated)

Regards,

Pieter
__________________
Regards,

Pieter
It´s nice to be important, but it´s more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
  #5  
Old May 31st, 2004, 06:33 AM
onesikgypo onesikgypo is offline
Infrequent Poster
  
Join Date: May 2004
Posts: 4
Default Re: My Hijack this Log, Please help!!
hey id firstly like 2 say thanx for ur reply, now i did everythin u asked, however when i submitted the file it said it was clean, ill show u the statistics and stuff as well as my new hijackthis log:

Hijackthis Log

Logfile of HijackThis v1.97.7
Scan saved at 8:26:15 PM, on 5/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MATT\HIJACKTHIS.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab


The virus report from that site:

Scanned file: Sysmon.exe

Sysmon.exe - OK


Statistics:
Known viruses: 90139 Updated: 31.05.2004
File size (Kb): 80 Scan time: 00:00:01
Speed (Kb/sec): 81 Virus bodies: 0
Archives: 0 Packed: 0
Folders: 0 Files: 1
Suspicious: 0 Warnings: 0

there ya go, plz report anythin else wrong.
  #6  
Old May 31st, 2004, 08:26 AM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,727
Default Re: My Hijack this Log, Please help!!
Hi onesikgypo,

Sorry about the probably false alarm. Could you mail the file to the address in my profile, just to make sure.

Regards,

Pieter
__________________
Regards,

Pieter
It´s nice to be important, but it´s more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
 

Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 08:01 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums