I need help.

Discussion in 'adware, spyware & hijack cleaning' started by armlep, Jun 28, 2004.

Thread Status:
Not open for further replies.
  1. armlep

    armlep Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    I want to download bhblastersetup.exe in the page: www.wilderssecurity.com/bhblaster.html
    but i can´t. The message is: File not found.


    I have a problem with a spyware hijacker with my explore.

    This spyware redirection my browser to porn pages.

    Please help me to download your software.
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi armlep, and welcome.

    Please follow ALL the instructions, and each step in this link, carefully:
    HOW TO? Read here about how to post your log!!

    Do the scans with AdAware and Spybot S&D then follow the steps below for posting your hijackthis log.

    Create a permanent folder for it on your C: (call the folder whatever you'd like) then unzip Hijackthis.exe into the new folder (do not put it in a Temp folder or desktop).

    Then open Hijackthis and run it by clicking on the Scan button. When the scan has finished, the "Scan" button will then change to a Save Log button. Press the "Save Log" button and save it to a location you can easily find it. Open the saved log and copy and paste the entire contents of the log here in this thread.

    Please do NOT fix anything in Hijackthis by yourself. Most of what it lists will be harmless and even essential. Someone will review your log and reply back with instructions on what needs to be fixed.

    Regards,

    snap
     
  3. armlep

    armlep Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    I ran Adware and Hijackthis and send the log

    Today run Adware (previosly updated) and save the log.

    The results are 15 new object:







    *******************************************************

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Martes 29 de Junio de 2004 02:20:07 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R325 27.06.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    29-06-04 02:20:07 PM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4279212045
    Threads : 10
    Priority : High
    FileSize : 468 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName : Microsoft Corporation
    FileDescription : Componente del n
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Sistema operativo Microsoft(R) Windows(R)
    Created on : 15/04/04 11:45:16 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294924333
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Servidor de mensajes VxD de 32 bits de Windows
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Sistema operativo Microsoft(R) Windows(R)
    Created on : 15/04/04 11:45:48 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294923709
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 15/04/04 11:43:26 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:4 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294890465
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 15/04/04 11:44:00 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:5 [mstask.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294896677
    Threads : 3
    Priority : Normal
    FileSize : 109 KB
    FileVersion : 4.71.1968.1
    ProductVersion : 4.71.1968.1
    Copyright : Copyright (C) Microsoft Corp. 2000
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 15/04/04 11:59:49 AM
    Last accessed : 29/06/04
    Last modified : 15/04/04 11:59:50 AM

    #:6 [pavsched.exe]
    FilePath : C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\
    ProcessID : 4294890613
    Threads : 2
    Priority : Normal
    FileSize : 108 KB
    FileVersion : 02.02.01
    ProductVersion : 7.0
    CompanyName : Panda Software International
    FileDescription : pavsched.exe
    InternalName : pavsched.exe
    ProductName : Panda Antivirus Platinum
    Created on : 25/06/04 12:45:08 PM
    Last accessed : 29/06/04
    Last modified : 31/05/02 05:34:34 PM

    #:7 [pavfires.exe]
    FilePath : C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\
    ProcessID : 4294871633
    Threads : 16
    Priority : Normal
    FileSize : 164 KB
    FileVersion : 1, 1, 1, 0
    ProductVersion : 7, 4, 0, 0
    Copyright : Panda Software Copyright
    CompanyName : Panda Software
    FileDescription : Personal Firewall Service
    InternalName : Pavfires
    OriginalFilename : Pavfires.exe
    ProductName : Platinum 7 Pavfires
    Created on : 25/06/04 12:45:16 PM
    Last accessed : 29/06/04
    Last modified : 30/01/03 05:30:34 PM

    #:8 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294851985
    Threads : 5
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : (C) Microsoft Corporation 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Explorador de Windows
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Sistema operativo Microsoft(R) Windows NT(R)
    Created on : 15/04/04 11:43:24 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:9 [rnaapp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294780633
    Threads : 3
    Priority : Normal
    FileSize : 44 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1996
    CompanyName : Microsoft Corporation
    FileDescription : Aplicaci
    InternalName : RNAAPP
    OriginalFilename : RNAAPP.EXE
    ProductName : Sistema operativo Microsoft(R) Windows(R)
    Created on : 15/04/04 11:45:49 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:10 [tapisrv.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294773185
    Threads : 6
    Priority : Normal
    FileSize : 120 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1994-1998
    CompanyName : Microsoft Corporation
    FileDescription : Servidor de telefon
    InternalName : Servicio de telefon
    OriginalFilename : TAPISRV.EXE
    ProductName : Sistema operativo Microsoft(R) Windows(R)
    Created on : 15/04/04 11:45:51 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:11 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294741977
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : Subprograma Bandeja de sistema
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Sistema operativo Microsoft(R) Windows(R)
    Created on : 15/04/04 11:45:51 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:12 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294735213
    Threads : 2
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 15/04/04 11:45:52 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:13 [apvxdwin.exe]
    FilePath : C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\
    ProcessID : 4294667921
    Threads : 9
    Priority : Normal
    FileSize : 256 KB
    FileVersion : 02.11.15
    ProductVersion : 7.00
    CompanyName : Panda Software International
    FileDescription : Apvxdwin.exe
    InternalName : Apvxdwin.exe
    ProductName : Panda Antivirus Platinum
    Created on : 25/06/04 12:45:01 PM
    Last accessed : 29/06/04
    Last modified : 30/04/03 05:57:50 PM

    #:14 [pavproxy.exe]
    FilePath : C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\
    ProcessID : 4294673125
    Threads : 5
    Priority : Normal
    FileSize : 140 KB
    FileVersion : 3, 1, 6, 10
    ProductVersion : 3, 1, 6, 10
    Copyright : Copyright
    CompanyName : Panda Software
    FileDescription : PavProxy
    InternalName : PavProxy
    OriginalFilename : PavProxy.exe
    ProductName : Residente Correo
    Created on : 25/06/04 12:45:15 PM
    Last accessed : 29/06/04
    Last modified : 30/01/03 10:34:42 AM

    #:15 [ddhelp.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294447021
    Threads : 3
    Priority : Realtime
    FileSize : 48 KB
    FileVersion : 4.06.03.0518
    ProductVersion : 4.06.03.0518
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft DirectX Helper
    InternalName : ddhelp.exe
    OriginalFilename : ddhelp.exe
    ProductName : Microsoft
    Created on : 15/04/04 11:43:23 AM
    Last accessed : 29/06/04
    Last modified : 5/05/99 10:22:00 PM

    #:16 [ad-aware.exe]
    FilePath : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 6\
    ProcessID : 4294465613
    Threads : 4
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 29/06/04 01:13:31 PM
    Last accessed : 29/06/04
    Last modified : 12/07/03 09:00:20 PM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchURL/your-searcher.com

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://your-searcher.com/index.htm"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\SearchURL
    Value :
    Data : "http://your-searcher.com/index.htm"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchURL/your-searcher.com

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://your-searcher.com/index.htm"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\SearchURL
    Value :
    Data : "http://your-searcher.com/index.htm"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html"


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 14
    Objects found so far: 15


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 15


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 15


    02:29:02 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:08:55:410
    Objects scanned :49261
    Objects identified :15
    Objects ignored :0
    New objects :15

    **********************************************************





    After: ran HijackThis and the results are:


    **********************************************************




    Logfile of HijackThis v1.97.7
    Scan saved at 02:41:10 PM, on 29/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVSCHED.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
    C:\ANTI SPYWARE\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
    O2 - BHO: (no name) - {EF693CE1-C36E-11D8-8960-0050A44FA507} - C:\WINDOWS\SYSTEM\EIDAEGA.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
    O4 - HKLM\..\RunServices: [PAVFIRES] C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
    O13 - WWW. Prefix: http://
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab

    **********************************************************

    My windows98 after this utilities is good. but ..... my problem continue

    Please help me. Say me wich entries must be fixed.

    Thak you
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: I ran Adware and Hijackthis and send the log

    Hi armlep

    Let ad aware remove the objects it finds !

    Check the following items in HIjackThis - close ALL windows\browsers except HIjackThis and click Fixed:

    Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)

    O2 - BHO: (no name) - {EF693CE1-C36E-11D8-8960-0050A44FA507} - C:\WINDOWS\SYSTEM\EIDAEGA.DLL

    Optional:
    O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

    Reboot

    Now, empty your TEMP Folder / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

    Run HJT again and pls. post a FRESH log. Thanks.
     
  5. armlep

    armlep Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    3
    OK. I ran again hijackThis and the results was:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:32:15 AM, on 30/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVSCHED.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
    C:\ANTI SPYWARE\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
    O4 - HKLM\..\RunServices: [PAVFIRES] C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
    O13 - WWW. Prefix: http://
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab


    After run HJT the computer apparently is good

    See you later, I´m tessting my computer... Thank you.
     
Thread Status:
Not open for further replies.