Windows 95

Discussion in 'adware, spyware & hijack cleaning' started by jkassabian, Jun 14, 2004.

Thread Status:
Not open for further replies.
  1. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    I'm having multiple problems with browser hijacks on a machine running Windows 95. I downloaded Ad-aware and HijackThis. However, Ad-aware will not open and HijackThis returns a missing MSVBVM6.DLL file. Is this because of 95? Are there any other options?
    Thanks
    Jay
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    I'd appreciate your review of the following HijackThis log.
    I have already run Spybot and deleted the problem files. Thank you in advance.
    Jay

    Logfile of HijackThis v1.97.7
    Scan saved at 11:19:26 PM, on 6/17/04
    Platform: Windows 95 a (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\LOADWC.EXE
    C:\PROGRAM FILES\NCASE\MSBB.EXE
    C:\WINDOWS\RunDLL.EXE
    C:\PROGRAM FILES\OUTLOOK\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OUTLOOK\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
    C:\WINDOWS\DESKTOP\SPYWARE\HIJACK\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [cjuzonef] C:\WINDOWS\cjuzonef.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Office Startup.lnk = C:\Program Files\outlook\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\outlook\Office\FINDFAST.EXE
    O4 - Startup: GapSDR.lnk = C:\Gap Kids\Gap Snow Day\GapSDR.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} - http://ax.180solutions.com/Installer/180SAInstaller.cab
     
  4. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    Please review this Log

    Please review the previously submitted log.
    Thank you
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi jkassabian,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup.exe

    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [cjuzonef] C:\WINDOWS\cjuzonef.exe

    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} - http://ax.180solutions.com/Installer/180SAInstaller.cab

    Then reboot and delete:
    C:\WINDOWS\SYSTEM\stcloader.exe
    C:\PROGRAM FILES\NCASE <= entire folder
    C:\WINDOWS\cjuzonef.exe

    Too bad all the cr@pware runs on 95 and most of the good protection doesn't.
    Try safe surfing:
    Why did I get infected in the first place

    Regards,

    Pieter
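
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above that picks out the entries named in the reply and reports which flagged autoruns are still listed under "Running processes". The names `parse_log`, `triage` and `FLAGGED` are hypothetical, and the sample is a constructed subset of the posted log.

```python
import re

# Constructed sample: a subset of the log lines posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\NCASE\MSBB.EXE

O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
O4 - HKLM\..\Run: [cjuzonef] C:\WINDOWS\cjuzonef.exe
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} - http://ax.180solutions.com/Installer/180SAInstaller.cab
"""
# Run-value names and the DPF CLSID that the reply asked to fix (from the thread).
FLAGGED = {"xupiterstartup", "stcloader", "msbb", "cjuzonef",
           "{b10031b2-f184-4803-9a88-d239c0641d70}"}
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")               # section code, body
O4_RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O16_DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$")

def parse_log(text):
    """Split a HijackThis log into running-process paths and entry records."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:       # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line.lower())
        elif (m := ENTRY.match(line)):
            code, body = m.groups()
            rec = {"code": code, "key": None, "target": None, "line": line}
            if code == "O4" and (r := O4_RUN.match(body)):
                rec["key"], rec["target"] = r.group(3).lower(), r.group(4)
            elif code == "O16" and (d := O16_DPF.match(body)):
                rec["key"], rec["target"] = d.group(1).lower(), d.group(3)
            entries.append(rec)
    return processes, entries

def triage(text, flagged=FLAGGED):
    """Flagged entries as (code, key, running); running = O4 target is a live process."""
    processes, entries = parse_log(text)
    return [(r["code"], r["key"],
             r["code"] == "O4" and r["target"].lower() in processes)
            for r in entries if r["key"] in flagged]
```

The running check is an exact, case-insensitive full-path match, so autoruns given as a bare file name or with arguments are not matched. An entry marked running still has its file in use, so deletion has to wait until after the fix and reboot.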
     
  6. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    Pieter-
    As usual, thanks for your help.

    Jay
     