Windows 95

Discussion in 'adware, spyware & hijack cleaning' started by jkassabian, Jun 14, 2004.

Thread Status:
Not open for further replies.
  1. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    I'm having multiple problems with browser hijacks on a machine running windows 95. I downloaded Ad-aware and Hijack this. However Ad-aware will not open and HijackThis returns a missing MSVBVM6.DLL file. Is this because of 95? Are there any other options?
    thanks
    Jay
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    I'd appreciate your review of the following HijackThis log.
    I have already run Spybot and deleted the problem files. Thank you in advance.
    Jay

    Logfile of HijackThis v1.97.7
    Scan saved at 11:19:26 PM, on 6/17/04
    Platform: Windows 95 a (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\LOADWC.EXE
    C:\PROGRAM FILES\NCASE\MSBB.EXE
    C:\WINDOWS\RunDLL.EXE
    C:\PROGRAM FILES\OUTLOOK\OFFICE\OSA.EXE
    C:\PROGRAM FILES\OUTLOOK\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
    C:\WINDOWS\DESKTOP\SPYWARE\HIJACK\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [cjuzonef] C:\WINDOWS\cjuzonef.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Office Startup.lnk = C:\Program Files\outlook\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\outlook\Office\FINDFAST.EXE
    O4 - Startup: GapSDR.lnk = C:\Gap Kids\Gap Snow Day\GapSDR.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} - http://ax.180solutions.com/Installer/180SAInstaller.cab
     
  4. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    Please review this Log

    Please review the previously submitted log.
    thank you
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi jkassabian,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup.exe

    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [cjuzonef] C:\WINDOWS\cjuzonef.exe

    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} - http://ax.180solutions.com/Installer/180SAInstaller.cab

    Then reboot and delete:
    C:\WINDOWS\SYSTEM\stcloader.exe
    C:\PROGRAM FILES\NCASE <= entire folder
    C:\WINDOWS\cjuzonef.exe

    Too bad all the cr@pware runs on 95 and most of the good protection doesn't.
    Try safe surfing:
    Why did I get infected in the first place

    Regards,

    Pieter
     
  6. jkassabian

    jkassabian Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    15
    Pieter-
    As usual, thanks for your help.

    Jay
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.