Hijack This Log

Discussion in 'adware, spyware & hijack cleaning' started by Aileen, Feb 26, 2004.

Thread Status:
Not open for further replies.
  1. Aileen

    Aileen Guest

    My problem is this:

    In trying to access the following website
    http://www.hackenation.com/bbs/
    I repeatedly get the following message:

    Microsoft VBScript 运行时错误 错误 '800a0006'

    溢出: 'Ccur'

    /bbs/inc/Dv_ClsMain.asp,行511

    Problem only exists when running this particular website on this particular computer (running on Win 98 and IE6)

    I ran HijackThis and my log is:

    ogfile of HijackThis v1.97.7
    Scan saved at 12:20:16 AM, on 2/27/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
    C:\WINDOWS\SYSTEM\DAEMON.EXE
    C:\CFGSAFE\AUTOCHK.EXE
    C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
    C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
    C:\PROGRAM FILES\THINKPAD\UTILITIES\TP98.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.singnet.com.sg
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SingNet
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\x3wkbowv.slt\prefs.js)
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
    O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
    O4 - HKLM\..\Run: [IBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE
    O4 - HKLM\..\Run: [TP98UTIL] C:\PROGRA~1\THINKPAD\UTILIT~1\TP98.EXE /s
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.singnet.com.sg
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helptools/pc-check/media/ALTControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1077553652210
    O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helptools/media/SpeedCtrl.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab


    Appreciate any advice
    Thanks
     
  2. Valkyri001

    Valkyri001 Registered Member

    Joined:
    Feb 15, 2004
    Posts:
    300
    Location:
    Friendswood Tx. 77546
    :)Welcome to Wilders Aileen!
    I'm not one of the Experts, so hang out and they will be around.
    I tried that site your trying to get to and it connects me with a Chinese site.
    You may try to update your windows VBscript though. There are several available from Microsoft.
    Try here
    http://search.microsoft.com/search/results.aspx?st=b&qu=vbscript&view=en-us
    Like I said, hang around or come back and the real experts will get with you!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Aileen,

    Tell Frank your log was clean. ;)

    Normally I would say this is a error triggered by the site, but it loaded without errors on this computer too. o_O

    Regards,

    Pieter
     
  4. Aileen

    Aileen Guest

    Thanks all
     
Thread Status:
Not open for further replies.