Please look at our Log! Thanks

Discussion in 'adware, spyware & hijack cleaning' started by bandonisp, Mar 4, 2004.

Thread Status:
Not open for further replies.
  1. bandonisp

    bandonisp Registered Member

    Joined:
    Feb 24, 2004
    Posts:
    53
    Location:
    Bandon, Oregon
    We have run adware , SpyBot and we had a lot of spyware with Pop ups. Here is the Log.


    Logfile of HijackThis v1.97.7
    Scan saved at 8:12:47 PM, on 3/4/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\CBA\PDS.EXE
    C:\WINDOWS\SYSTEM\CBA\XFR.EXE
    C:\WINDOWS\SYSTEM\MSGSYS.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\BIGSPEED ZIPPER\BSZIPPER.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://3rs.homestead.com/onramp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
    O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [svcp71m] C:\WINDOWS\SYSTEM\svcp71m.exe
    O4 - HKLM\..\RunServices: [Intel PDS] C:\WINDOWS\system\cba\pds.exe
    O4 - HKLM\..\RunServices: [Intel File Transfer] C:\WINDOWS\system\cba\xfr.exe
    O4 - HKLM\..\RunServices: [TMA Distribution] C:\WINDOWS\system\cba\lcfinst.exe
    O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi bandonisp,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

    O4 - HKLM\..\Run: [svcp71m] C:\WINDOWS\SYSTEM\svcp71m.exe

    Then download, unzip and run
    CWShredder
    Use the Fix button and follow the instructions you will receive.

    Then reboot and go to windows update before you get reinfected again.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.