Argus Hijackthis log 280404

Discussion in 'adware, spyware & hijack cleaning' started by argus, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. argus

    argus Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    6
    Originally posted logfile on 18 April but due to time constraints have been unable to fully action your advice so I decided to start from scratch again.

    Using broadband cable connection
    Ran adaware and spybot
    Slow internet speed
    Web pages freezing/hanging having to reboot and reconnect regularly
    Windows sometimes not shutting down fully
    Regularlar pop up ads
    Daily unsolicited e-mails some with attachments
    IE search bar changes and can't stop it despite spywareguard prompting to restore old values

    Thanks for any help
    Argus

    Logfile of HijackThis v1.97.7
    Scan saved at 11:58:28, on 28/04/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY1\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://members.kawananet.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;www.national.com.a;203.57.240.;203.57.24;<local>
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O2 - BHO: (no name) - {01673329-3404-33E8-9264-0DE45ABA40E9} - C:\PROGRAM FILES\GLOBAL WINDOW PEAK\DATA HTM.DLL
    O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\PROGRAM FILES\TELSTRA\TOOLBAR\BPUMTOOLBAND.DLL
    O3 - Toolbar: Betfair Bar - {1D62BD48-16F6-4004-A54A-3C41E4955A87} - C:\Program Files\Betfair\BFTool_4.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: WMA EXTRA - {A610CDAF-4335-24D3-A18D-9064C0D21CF3} - C:\PROGRAM FILES\GLOBAL WINDOW PEAK\DATA HTM.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money1\System\reminder.exe
    O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
    O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://D:\iet\HD\nskey.dll
    O16 - DPF: {E936C500-D12E-11D2-9E4D-0080C84BBDBB} (National Internet Banking Custom) - http://www.national.com.au/rib/afs/v3002/cabinet/NABcustom.cab
    O16 - DPF: {B8D69BC3-E4DE-11D1-9BA1-0000C006B0D8} (National Internet Banking Images) - http://www.national.com.au/rib/afs/v3002/cabinet/images.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {4E6F9E15-C8E3-4E19-B987-04EF390E9824} - http://www.betfair.com/install/setup.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38091.061724537
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi argus,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

    O2 - BHO: (no name) - {01673329-3404-33E8-9264-0DE45ABA40E9} - C:\PROGRAM FILES\GLOBAL WINDOW PEAK\DATA HTM.DLL

    O3 - Toolbar: WMA EXTRA - {A610CDAF-4335-24D3-A18D-9064C0D21CF3} - C:\PROGRAM FILES\GLOBAL WINDOW PEAK\DATA HTM.DLL


    Then reboot and delete:
    C:\PROGRAM FILES\GLOBAL WINDOW PEAK <= entire folder

    Did you install the Betfair bar yourself?
    Just curious.

    Regards,

    Pieter
     
  3. argus

    argus Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    6
    Hi pieter

    I don't recall installing the betfair bar but I do regularly use the betfair site

    Thanks for your assistance

    Regards
    Argus
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    My pleasure. :cool:

    Do you mean you never noticed the Toolbar you have for Betfair?

    Regards,

    Pieter
     
  5. argus

    argus Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    6
    That's correct i'd not noticed it and don't use it.

    ARGUS
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    OK. Thanks for the info,

    Pieter
     
Thread Status:
Not open for further replies.