help please dont know what to do next.

Discussion in 'adware, spyware & hijack cleaning' started by shaun127, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    This thing has my head in a spin. When i'm browsing the net I can browse internal links on a site but any external links I try to visit, my browser goes inactive and all I get is a blank window over the top of the original .
    I have downloaded many trojan/virus/ spyware including ad-aware and run them as you will see from my log.

    I have enabled them all in system config utils so that Hijackthis picks them up. Hope you can help.If i dont get back in contact straight away its because i work odd hours, Sorry for any inconveinence.
    Thanks lads in advance for any help
    Heres my log,

    Logfile of HijackThis v1.97.7
    Scan saved at 12:06:41 PM, on 4/27/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\PROTECTOR PLUS\PPTBC.EXE
    C:\PROGRAM FILES\PROTECTOR PLUS\PPVSTOP.EXE
    C:\PROGRAM FILES\PROTECTOR PLUS\PPINUPDT.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTTRAYAPP.EXE
    C:\PROGRAM FILES\PD\SHWICON.EXE
    C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
    C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~1\PROTEC~1\PPTbc.EXE
    O4 - HKLM\..\Run: [PP2000 Real-time Scan] C:\PROGRA~1\PROTEC~1\PPVstop.exe
    O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~1\PROTEC~1\PPInupdt.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022] "C:\Program Files\PD\shwicon.exe" -t"The Company\USB Flash HDD Series Driver v1.17r022"
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [msbb] c:\windows\temp\msbb.exe
    O4 - HKLM\..\Run: [yzkd] C:\WINDOWS\yzkd.exe
    O4 - HKLM\..\Run: [yocqbobx] C:\WINDOWS\SYSTEM\sbgxyvqb.exe
    O4 - HKLM\..\Run: [SPOOLSVV] C:\WINDOWS\SYSTEM\SPOOLSVV.exe -invisible
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi shaun127,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder of its own. The program will make backups to the folder it's in. These easily get lost in a temporary folder or a folder with other programs.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [msbb] c:\windows\temp\msbb.exe
    O4 - HKLM\..\Run: [yzkd] C:\WINDOWS\yzkd.exe
    O4 - HKLM\..\Run: [yocqbobx] C:\WINDOWS\SYSTEM\sbgxyvqb.exe
    O4 - HKLM\..\Run: [SPOOLSVV] C:\WINDOWS\SYSTEM\SPOOLSVV.exe -invisible

    There also may be hidden files. See HERE for how to show hidden files.

    Then reboot into safe mode and delete:

    C:\WINDOWS\SYSTEM\A.EXE
    c:\windows\temp\ <-- Delete everything inside this folder including ALL files, folders, and subdirectories.
    C:\WINDOWS\yzkd.exe
    C:\WINDOWS\SYSTEM\sbgxyvqb.exe
    C:\WINDOWS\SYSTEM\SPOOLSVV.exe

    Reboot and then post a fresh HijackThis log.

    Regards,
    Kent
     
  3. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    Hello Pal
    Sorry for the delay heres my next log

    Logfile of HijackThis v1.97.7
    Scan saved at 9:19:54 AM, on 4/28/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\PD\SHWICON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\PROTECTOR PLUS\PPTBC.EXE
    C:\PROGRAM FILES\PROTECTOR PLUS\PPINUPDT.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTTRAYAPP.EXE
    C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
    C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O4 - HKLM\..\Run: [ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022] "C:\Program Files\PD\shwicon.exe" -t"The Company\USB Flash HDD Series Driver v1.17r022"
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~1\PROTEC~1\PPTbc.EXE
    O4 - HKLM\..\Run: [PP2000 Real-time Scan] C:\PROGRA~1\PROTEC~1\PPVstop.exe
    O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~1\PROTEC~1\PPInupdt.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.7\TAUMON.EXE
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.8\THGUARD.EXE"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi shaun127,

    Your log is clean, but did this solve the issue you had?

    Regards,

    Pieter
     
  5. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    No still have the exact same problem.
    No idea what it is or how to resolve it.
    Ran win98 setup /P v over the top of install. reinstalled IE6. ran many trojan removers etc. No difference.
    Hope you have some ideas pal.
    Cheers and thanks for your time so far.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    See if this helps: http://www.mvps.org/inetexplorer/answers2.htm#blank_windows

    Regards,

    Pieter
     
  7. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    hello again tried that no good either although thanks for site lot of useful stuff on there.
    Cheers Pal.
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    I don't see one, but I may have missed it. Are you using a pop-up blocker?

    Regards,

    Pieter
     
  9. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    not know but i was using altavista search bar which has apop up blocker but i disinstalled it about 2 weeks ago long before problem started.

    Cheers Pal
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    I'm sorry for drawing blanks. :oops:
    Normally registering the dll's as described at the link I gave you works wonders.

    1) Click on Start button on the Task Bar.
    2) Select Run from the pop-up selection
    3) type SFC in the "open" text box and click OK. The "System File Checker" window will appear.
    4) To perform a complete check of all files click the "Scan for altered files" Selection Option and press the Start button.
    5) The computer will display "Checking Files..." within the same window, and the Start button will be grayed out while the files are checked.
    6) If any files are found to be corrupt, a window will appear showing you the name of the corrupt file and present you will 3 options to a) update that file as known to be good, b) Restore the file or c) ignore the file until the next time you run SFC.
    7) When the checking is done the "Finished" window will appear.

    Press the OK button to continue. This will bring you back to the original "System File Checker Window". Click the Close button to close the SFC program.

    You are now done. At this time you should most likely reboot your computer.

    HTH,

    Pieter
     
  11. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    still no luck ran sfc, no difference.
    Could you check that link you gave me because now i cant access that at all
    Cheers again and sorry for taking up so much of your time.

    Dont worry bout coming up with blanks my IE is doing it all the time,
    But at least im learning something through yr help.
    Cheers :D
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  13. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    hovering over link in status bar i see "shortcut to www. whatever the link is.
    left clicking or right click open in new window same in status bar then nothing.

    Cheers Pal.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Did you already try to repair IE ?

    Regards,

    Pieter
     
  15. shaun127

    shaun127 Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    8
    Sorry for delay in reply ,yes I've tried repair and after that fress install of IE6
    Think Its gona have to be a format,
    Cheers Pal
     
Thread Status:
Not open for further replies.