Flame060

HJT Log. Bett be answerd.

6 posts in this topic

Tell me what to remove plz!

I'm begging you!

My computer goes at the speed of nothing!

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:40:20 PM, on 6/14/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

D:\NET BATTLE\POKEBATTLE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\NETBATTLE\FF\POKEBATTLE.EXE

D:\NET BATTLE\POKEBATTLE.EXE

D:\HIKACKTHIS\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {C7262CFC-76A6-31B0-8F87-55F9541939BE} - C:\PROGRAM FILES\BAIT BOWS\DOWNLOAD MPEG.DLL (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\HIKACK~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [dlder] C:\WINDOWS\explorer\Explorer.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [sysUpd] C:\WINDOWS\SYSUPD.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKCU\..\Run: [spywatch] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Windows Media PowerPoint Helper.lnk = D:\Midea\Tools\nsppthlp.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vaxxine.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.5.212.5


This is my friend's log, I've helped him all I can with it, but I'm certain it needs more. His computer is horridly slow, and spyware just makes it worse. Bump it up.


Hi there

Please place a check in the following entries and ensure all IE browsers and windows explorers are closed, then have hijack fix them:

O2 - BHO: (no name) - {C7262CFC-76A6-31B0-8F87-55F9541939BE} - C:\PROGRAM FILES\BAIT BOWS\DOWNLOAD MPEG.DLL (file missing)

 

O4 - HKLM\..\Run: [dlder] C:\WINDOWS\explorer\Explorer.exe

O4 - HKLM\..\Run: [sysUpd] C:\WINDOWS\SYSUPD.EXE

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKCU\..\Run: [spywatch] C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP

 

Note: To avoid the risk of any files not being found due to some files being hidden, see Showing hidden files if needed.

Restart in Safe mode and

Select Start-> Settings-> Control panel-> add/remove and select and remove the following programs if present:

-bullet proof software spyware remover. It's a pirated rip off of adaware and causes more harm than good.

-MessengerPlus2

 

While still in safe mode, find and delete the following files/folders if they still exist:

 

C:\WINDOWS\explorer\Explorer.exe <--delete only this file

WARNING: only delete explorer.exe from the location specified

 

C:\WINDOWS\SYSUPD.EXE <--delete only this file

C:\Program Files\Messenger Plus! 2 <--delete only this folder

C:\PROGRAM FILES\BULLETPROOFSOFT.COM <--delete only this folder

 

Restart your system and do an online virus scan and delete anything it finds:

http://housecall.trendmicro.com/housecall/start_corp.asp

 

or/and Panda active scan

or/and etrust antivirus web scanner

 

Repost here with a new log from hijack.

Edited by pfofit


Hey! Thanks Dude!

Nothing showed up at all while scanning!

And, IE seems to be running more smoothly, and actually getting connected to the internet, that's going faster too! (for dial-up that is)

 

If you still wish for an updated HJT log, here ya go:

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:38:42 AM, on 6/15/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

D:\HIKACKTHIS\HIJACKTHIS.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\HIKACK~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Windows Media PowerPoint Helper.lnk = D:\Midea\Tools\nsppthlp.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vaxxine.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.5.212.5
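
The before/after comparison requested in this thread can be done mechanically. The sketch below is an added example, not part of any post or of HijackThis itself: it diffs excerpts of the two logs above and flags an autorun that reuses a system file name from an unexpected folder. The function names and the `EXPECTED_DIR` table are assumptions made for illustration.

```python
import ntpath
import re

# Excerpts (O2/O4 lines only) from the two HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {C7262CFC-76A6-31B0-8F87-55F9541939BE} - C:\PROGRAM FILES\BAIT BOWS\DOWNLOAD MPEG.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [dlder] C:\WINDOWS\explorer\Explorer.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [sysUpd] C:\WINDOWS\SYSUPD.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: expected folders for these binaries, taken from the
# "Running processes" section of the same Windows 98 SE log.
EXPECTED_DIR = {"explorer.exe": r"c:\windows", "taskmon.exe": r"c:\windows",
                "systray.exe": r"c:\windows\system"}

def parse(log):
    """Return the set of (section, text) entries found in a HijackThis log."""
    return {m.groups() for line in log.splitlines()
            if (m := ENTRY.match(line.strip()))}

def removed(before, after):
    """Entries present before the fix and absent afterwards."""
    return sorted(parse(before) - parse(after))

def added(before, after):
    """Entries that appear only in the later log and need a fresh look."""
    return sorted(parse(after) - parse(before))

def misplaced_autoruns(log):
    """O4 autoruns whose file name is a known system binary in the wrong folder."""
    hits = []
    for section, text in sorted(parse(log)):
        m = re.search(r"\] \"?([A-Za-z]:\\[^\"]+?\.exe)", text, re.I)
        if section != "O4" or not m:
            continue
        folder, name = ntpath.split(m.group(1).lower())
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            hits.append(m.group(1))
    return hits
```

Autoruns given without a full path (such as `SysTray.Exe`) are skipped by the path check and still need a manual look.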


Ok flame

Things look better now.

Below is my standard speech and I will add that you are in need of a visit to windows updates. Go there and install all critical updates, especially SP1. You may need a couple of trips. Go back again and again until there are no more critical updates. It's the way MS does the updates.

 

I know that you are on dialup and the update is large, but without it you are vulnerable to more attacks.

 

You can order a free update disk from MS that covers up till February 2004. Microsoft says it can take 2-4 weeks, however a lot can happen in that time, or perhaps you know someone that already has it.

 

Also I do not see an Antivirus running in your processes. A free one from Grisoft is listed below.

--------------------------------------------------------------------------------------------------------------

Please read through the recommended ideas and free software listed below that will help to keep your computer from being reinfected

  • Do not let any site install anything if you do not know what it is.
     
     
  • Ensure that an Antivirus is updated weekly and running. AVG antivirus from Grisoft is a very good FREE antivirus program if you do not have one already.
     
     
  • Make sure you have the latest critical updates from windows update.
     
     
  • SpywareBlaster will prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
     
     
  • IE-SPYAD puts over 4000 known 'bad' sites into your IE restricted zone so that they cannot install malware on your PC.
     
     
  • Google toolbar has a very good built in popup blocker with a nice search bar. To provide privacy, select disable advanced features when installing.
     
     
  • Check your system for latest virus definitions with an online virus scan
    Check your system for latest trojan definitions with an Online trojan scan
     
     
  • Spybot S&D 1.3 and/or Ad-aware 6 Free are excellent removal tools and are updated often.
     
     
  • And also see this link for additional security information.
    So how did I get infected in the first place?

pfofit
