My Hijack this Log, Please help!!

Discussion in 'adware, spyware & hijack cleaning' started by onesikgypo, May 29, 2004.

Thread Status:
Not open for further replies.
  1. onesikgypo

    onesikgypo Registered Member

    Joined:
    May 29, 2004
    Posts:
    4
    hey ive got the coolwebsearch worm on my computer and i saw in another forum that i should post my hijackthis log AFTER i used spybot S&D as well as adaware to find out the problems, i really hope u guys can fix my problem, im startin to get really annoyed....Thanx in advance...by the way, i have used the cws sheredder

    My log:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:25:04 PM, on 5/30/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SYSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MATT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {5D16B655-A77F-5B37-A322-51AF0138BD9F} - C:\PROGRAM FILES\GRAM AIM DEFAULT\FIND MAPI.DLL (file missing)
    O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [sysmon] C:\WINDOWS\SYSTEM\sysmon.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Shortcut to haha got u first.lnk = C:\WINDOWS\SYSTEM32\haha got u first.txt
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
     
    Last edited: May 29, 2004
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {5D16B655-A77F-5B37-A322-51AF0138BD9F} - C:\PROGRAM FILES\GRAM AIM DEFAULT\FIND MAPI.DLL (file missing)
    O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - Startup: Shortcut to haha got u first.lnk = C:\WINDOWS\SYSTEM32\haha got u first.txt
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files
    C:\WINDOWS\SYSTEM32\haha got u first.txt

    and Delete these folders

    C:\PROGRAM FILES\GRAM AIM DEFAULT
    C:\PROGRAM FILES\MP3OOZ~1\<<<<< the folder containing >>>>>>>Dart idle load.exe

    then go to C:\windows\Temp and select everything in that folder and delete it, except temporary internet files, cookies and history folders

    then

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot normally &

    then follow this advice
    To cure the about:blank CWS hijacker if you are using Windows 98 or ME

    First download the following Tools :

    Win98Fix from http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm
    StartDreck from http://members.blackbox.net/hp_links/21/nikolaus.rameis/download/startdreck.htm

    unzip them & put them in a folder on the desktop where you can get to them easily

    then you need to identify the hidden bad file that is causing the problem, so

    DoubleClick: 'StartDreck.exe'
    Hit: config
    hit: Unmark all
    Check these boxes only:
    Registry->run keys
    System/drivers> Running processes
    hit >ok.

    Check specifically for this entry in the log :

    »Local Machine
    »RunServicesOnce
    **ozkc=rundll32 C:\WINDOWS\SYSTEM\XXXXX.DLL,StreamingDeviceSetup

    Any problems post the log file it makes and we'll identify the file for you

    After identifying the dll, proceed with :
    open the "Win98Fix. folder that you earlier unzipped &

    -DoubleClick on: 'RunFix.reg' file, hit 'yes'
    on the prompt!
    -Restart computer!
    -File should be visible!
    -Do 'find files' for dll listed on log, delete.
    *Note: Be sure to Save the StartDreck log before, so
    you you'd be able to find the file later!
    If lost (Since nothing else will find it when not hooked)
    Simply run the included: "who.bat", file
    will be found & listed
    in "Badfile.txt".

    It should be located in C:\WINDOWS\SYSTEM\XXXXX.dll

    then run cwshredder again and an updated adaware
     
  3. onesikgypo

    onesikgypo Registered Member

    Joined:
    May 29, 2004
    Posts:
    4
    hey i wanna firstly say thanx man, i really appreciate it, hopefully there are no more probs:

    My Hijackthis Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 7:25:02 PM, on 5/30/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SYSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\MATT\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [sysmon] C:\WINDOWS\SYSTEM\sysmon.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab


    Now i didnt no if u needed this or not but here it is

    StartDreck log:

    StartDreck (build 2.1.5 public BETA) - 2004-05-30 @ 19:27:23
    Platform: Windows 98 SE (Win 4.10.2222 A)

    »Registry
    »Run Keys
    »Current User
    »Run
    *Host=
    *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    »RunOnce
    »Default User
    »Run
    *Host=
    *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *Just Say Aptiva From Gdrive=C:\APTADV\JUSTSAY.EXE -auto
    *Mouse Suite 98 Daemon=PELMICED.EXE
    *ZIBMACC=c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
    *BigPondCable="C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    *LoadQM=loadqm.exe
    *StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
    *AEZBProc=c:\ibmtools\aptezbtn\aptezbp.exe
    *Norton Auto-Protect=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    *Installed=1
    *Installed=1
    *NoChange=1
    *Installed=1
    »RunOnce
    *SpybotSnD="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *sysmon=C:\WINDOWS\SYSTEM\sysmon.exe
    *SchedulingAgent=mstask.exe
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    *FF0FD74F=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    *FFFF80E3=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    *FFFF9793=C:\WINDOWS\SYSTEM\MPREXE.EXE
    *FFFFB72B=C:\WINDOWS\SYSTEM\mmtask.tsk
    *FFFE0593=C:\WINDOWS\SYSTEM\SYSMON.EXE
    *FFFE15FF=C:\WINDOWS\SYSTEM\MSTASK.EXE
    *FFFE87DB=C:\WINDOWS\EXPLORER.EXE
    *FFFD551B=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    *FFFD255F=C:\WINDOWS\SYSTEM\PELMICED.EXE
    *FFFD3EC3=C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    *FFFD3DEF=C:\WINDOWS\LOADQM.EXE
    *FFFD831B=C:\WINDOWS\SYSTEM\STIMON.EXE
    *FFFD8163=C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
    *FFFC4127=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    *FFFCC3E7=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    *FFFBE1AF=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    *FFFA6F37=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
    »Application specific



    thanx 4 ur help again, i jus have 1 more query though, for some reason (recently) when im opening programs my computer has been very slow, this is also happenin jus in general with the use of the computer, do u have any suggestionso_O
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  5. onesikgypo

    onesikgypo Registered Member

    Joined:
    May 29, 2004
    Posts:
    4
    hey id firstly like 2 say thanx for ur reply, now i did everythin u asked, however when i submitted the file it said it was clean, ill show u the statistics and stuff as well as my new hijackthis log:

    Hijackthis Log

    Logfile of HijackThis v1.97.7
    Scan saved at 8:26:15 PM, on 5/31/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\MATT\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Just Say Aptiva From Gdrive] C:\APTADV\JUSTSAY.EXE -auto
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab


    The virus report from that site:

    Scanned file: Sysmon.exe

    Sysmon.exe - OK


    Statistics:
    Known viruses: 90139 Updated: 31.05.2004
    File size (Kb): 80 Scan time: 00:00:01
    Speed (Kb/sec): 81 Virus bodies: 0
    Archives: 0 Packed: 0
    Folders: 0 Files: 1
    Suspicious: 0 Warnings: 0

    there ya go, plz report anythin else wrong.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi onesikgypo,

    Sorry about the probably false alarm. Could you mail the file to the address in my profile, just to make sure.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.