TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Guest_Mike_* on March 01, 2005, 08:56:57 PM
-
i spent some time looking at other's posts and noticed you also like to see a MWAV scan, so i have one of those handy if you'd like
Logfile of HijackThis v1.99.1
Scan saved at 8:47:57 PM, on 3/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\TASKMON.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\WUSB11 WLAN MONITOR\WLAN_CFG.EXE
C:\WINDOWS\SYSTEM\KEGBTDVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\GOJYCB.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\180SOLUTIONS\SAIS.EXE
C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE
C:\PROGRAM FILES\GRIIWT\ASQDLTV.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\MWAVSCAN.COM
C:\WINDOWS\TEMP\KAVSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...&LC=0409&c=1c00 (http://\"http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=consumer&LC=0409&c=1c00\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationalgeographic.com/ (http://\"http://www.nationalgeographic.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ount_id=1002245 (http://\"http://www.couldnotfind.com/search_page.html?&account_id=1002245\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= (http://\"http://websearch.drsnsrch.com/sidesearch.cgi?id=\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: NetPal Class - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\SYSTEM\N3TPA1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [nrmvvwx] C:\WINDOWS\SYSTEM\kegbtdvr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [RbvE6YA] C:\GOJYCB.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [jgrmnkl] C:\WINDOWS\jgrmnkl.exe
O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\UGYFVT.exe
O4 - HKLM\..\Run: [¢‰¸ï0�4Ã�4}¤Á��œ�5�]C:\Program Files\ISTsvc\istsvc.exe] C:\GOJYCB.EXE
O4 - HKLM\..\Run: [Mkagc] C:\PROGRAM FILES\GRIIWT\ASQDLTV.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409\") (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409\") (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409\") (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409\") (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409\") (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirec...&c=1c00&lc=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409\") (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0522.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0522.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://pv1fd.pav1.Email (http://\"http://pv1fd.pav1.Email\") Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab (http://\"http://fdl.msn.com/zone/Z4/heartbeat.cab\")
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll (http://\"http://dist02.chargitdial.com/chargitplug.dll\")
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.playboy.com/playboy/FlashAX.cab (http://\"https://flashcasino.playboy.com/playboy/FlashAX.cab\")
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab (http://\"http://www29.compaq.com/falco/SysQuery.cab\")
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/aess2.cab (http://\"http://www.netpaloffers.net/NetpalOffers/DMO1/aess2.cab\")
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab (http://\"http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab\")
-
oh, and i don't know much about computers so if you can help - please try to walk me through everything slowly, i had a friend help cut and past the log file
-
To start off with, for now can you download and UNZIP to desktop
LSP fix.zip
http://www.cexx.org/lspfix.htm (http://\"http://www.cexx.org/lspfix.htm\")
We probably won't need it, but in case we need it you have access to it
First, Access your Add/Remove programs and remove if found
any of the below
Active alert
Internet Optimizer
ISTSvc
IstBar
Sidefind
Slotchbar
Software Update Manager
Uninstall 180 Search Assistant or 180 solutions (You must be connected to the internet. Just keep pressing the uninstall button when it prompts).
Viewpoint Media Player
WSEM Update
YourSiteBar
Websearch toolbar
AM Server' and 'POP
I would also remove if not wanted, and most don't prefer
MyWay or MySearch or similiar
Do not reboot until you uninstall each of these items:
Back in Windows
Download and install the Standalone version of CWShredder from this link
http://www.intermute.com/spysubtract/cwshr...r_download.html (http://\"http://www.intermute.com/spysubtract/cwshredder_download.html\")
Wiht all other Windows closed click only the FIX button
Let it fix what it finds and then RESTART your computer again
Post back a fresh Hijackthis log afterwards
If at any time you lose Internet connection
With all browsers closed, open LSP fix that you Unzipped earlier and click only the
Finish button
Restart your computer
Don't use LSP fix unless needed
-
hey my friend helped me get an account so you can private message me if you want- he said that this would help me.
i don't know what that means, or what this spyware kind of stuff really is, but he told me this is a place where people help other people out- i appreciate your help.