Jump to content


Photo

Cleaning up this computer


  • This topic is locked This topic is locked
1 reply to this topic

#1 mullemx

mullemx

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 09 July 2004 - 06:13 PM

Helping a friend with their laptop. Internet Explorer wouldnt load webpages, but I got that fixed putting Norton AV, Spybot S&D, and the newest CWShredder on her computer and running them. No viruses found, but CWS found some stuff and spybot found a whole lot of stuff.

Anyways, wanted to run this log by ya'll to see if there is anything else that needs to be done before I return her laptop. Ya'll were a great help to me ridding myself of I believe it was nimda before.

Logfile of HijackThis v1.98.0
Scan saved at 6:05:48 PM, on 7/9/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\PHOENIX TECHNOLOGIES\BAYSWAP\BAYSWAP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.terra.es/...mer/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomenet.net/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet...ernet-0,00.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomenet.net/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomenet.net/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet...ernet-0,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.terra.es/...mer/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet...ernet-0,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.awesomenet.net/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Total Internet 2000
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA8EC302-11BF-6F9C-D8DE-BF8B52E6DCB3} - C:\windows\system\dtemuydk.dll
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINDOWS\3_0_1browserhelper3.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BaySwap] C:\Program Files\Phoenix Technologies\BaySwap\BaySwap.exe
O4 - HKLM\..\Run: [BaySwap2] C:\Program Files\Phoenix Technologies\BaySwap\TbUpdate.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [rb32 1l0112] "c:\program files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>
O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net...net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net...net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Total Internet] C:\PROGRAM FILES\AWESOMENET\FPTOOL.EXE
O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<HEAD>
O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>
O4 - HKCU\..\Run: [</H] c:\WINDOWS\System\</HTML>
O4 - HKCU\..\Run: [<B] c:\WINDOWS\System\<BODY>
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net...net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net...net/">GANDI</A> then parked.
O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://totalinternet.snap.com
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://directplugin....lers/109446.exe
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin....ugin/109446.exe

#2 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 22 November 2005 - 10:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button