MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Computer Support Forums :: Security & Viruses :: Topic: mypoiskovic
eman_10021
« on: July 17, 2004, 06:42:53 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 98 i.e. 6.0
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:

I've tried reading other posts, but I'm hoping someone can help me get rid of mypoiskovik.com since I can't! Thanks in advance for your help:

Logfile of HijackThis v1.97.7
Scan saved at 2:28:23 PM, on 7/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\CVCHOST.EXE
C:\WIN32APP\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\QUICKENW\QWDLLS.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\Scandisk.exe
O2 - BHO: (no name) - {CF6459E3-342C-22A0-5E9C-61A1B8A3752E} - C:\WINDOWS\SYSTEM\zojnbzlo.dll
O2 - BHO: (no name) - {903D90E4-AD32-42D8-A2A3-29D2F8F10A2D} - C:\WINDOWS\SYSTEM\ipxzaujp.dll
O2 - BHO: (no name) - {A2A329D2-F8F1-0A2D-646A-E9C15AE8490B} - C:\WINDOWS\SYSTEM\ahwrzjna.dll
O2 - BHO: (no name) - {BF45253D-6411-9A2A-237C-C92B559C3A90} - C:\WINDOWS\SYSTEM\fagopnee.dll
O2 - BHO: (no name) - {E9385AF9-3A40-C66F-630F-406A76A213F3} - C:\WINDOWS\SYSTEM\yhfpuvze.dll
O2 - BHO: (no name) - {26989614-8B13-CB39-4F34-0E2D38D88873} - C:\WINDOWS\SYSTEM\czaggppf.dll
O2 - BHO: (no name) - {28762B39-2CD8-7005-5150-DABA9ADA2C24} - C:\WINDOWS\SYSTEM\ddahgjzs.dll
O2 - BHO: (no name) - {676335FA-89D2-97A1-A501-07F2A4A3B90A} - C:\WINDOWS\SYSTEM\mdckepbb.dll
O2 - BHO: (no name) - {679B5EA1-E78D-0926-50FE-AA729CB87686} - C:\WINDOWS\SYSTEM\gqoabory.dll
O2 - BHO: (no name) - {2BD4405E-4C20-1550-D3ED-A7487C5CCFD3} - C:\WINDOWS\SYSTEM\dgabyckg.dll
O2 - BHO: (no name) - {6D361C12-4962-7608-D5D4-919A44BE6016} - C:\WINDOWS\SYSTEM\hcgolupu.dll
O2 - BHO: (no name) - {B3FA9B06-1EDF-78E4-5CEE-0284B6646F2C} - C:\WINDOWS\SYSTEM\ssxbqdrw.dll
O2 - BHO: (no name) - {F5CCC809-5616-3FA5-3451-3455EDF17AE5} - C:\WINDOWS\SYSTEM\igsdoaql.dll
O2 - BHO: (no name) - {76AD6DA6-4BFD-8837-5E48-C450CC46EED5} - C:\WINDOWS\SYSTEM\izgwucyv.dll
O2 - BHO: (no name) - {B6A18684-E16D-2BAB-348E-AA9322D1565F} - C:\WINDOWS\SYSTEM\zjtntynf.dll
O2 - BHO: (no name) - {BA16D776-FF35-E547-E145-68AC5E6A5A3C} - C:\WINDOWS\SYSTEM\tdxphsxk.dll
O2 - BHO: (no name) - {FC678678-B7EA-AC08-3A27-1B7D14F66575} - C:\WINDOWS\SYSTEM\kzkzghoh.dll
O2 - BHO: (no name) - {BE7AFBB7-D8F1-856B-E5F6-EE450A2DD810} - C:\WINDOWS\SYSTEM\aqiozimz.dll
O2 - BHO: (no name) - {FD96908B-878E-FEED-3B36-C08446F7F68D} - C:\WINDOWS\SYSTEM\mmipvpjg.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Service Manager] C:\WINDOWS\SYSTEM\SERVICEMGR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Shockwave Director Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/31057e25614bcc808f05/netzip/RdxIE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38022.6654976852
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

benditup
« Reply #1 on: July 17, 2004, 07:14:57 PM »

Hi eman, you have some nasties on your computer, but you're running an old
version of HijackThis---delete your copy from the desktop

Important---Create a permanent folder for HijackThis
EG---- Open My Documents----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save HijackThis to; also, backups will be stored there.
download from
HERE or HERE

But first:
Download and extract to desktop CWShredder
http://www.majorgeeks.com/download4086.html
Disconnect from the net
With CWShredder open and ALL other windows closed let it FIX
all problems
RESTART your computer

Download and Install the free version of Ad-Aware

CHECK FOR UPDATES---Disconnect from NET
Additional settings for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer and then post back with a Fresh Hijackthis log
eman_10021
« Reply #2 on: July 18, 2004, 03:35:42 PM »

Thanks for your help. I did what you suggested and here is the new HijackThis printout:

Logfile of HijackThis v1.98.0
Scan saved at 11:29:12 AM, on 7/18/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\CVCHOST.EXE
C:\WIN32APP\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\QUICKENW\QWDLLS.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CF6459E3-342C-22A0-5E9C-61A1B8A3752E} - C:\WINDOWS\SYSTEM\zojnbzlo.dll
O2 - BHO: (no name) - {903D90E4-AD32-42D8-A2A3-29D2F8F10A2D} - C:\WINDOWS\SYSTEM\ipxzaujp.dll
O2 - BHO: (no name) - {A2A329D2-F8F1-0A2D-646A-E9C15AE8490B} - C:\WINDOWS\SYSTEM\ahwrzjna.dll
O2 - BHO: (no name) - {BF45253D-6411-9A2A-237C-C92B559C3A90} - C:\WINDOWS\SYSTEM\fagopnee.dll
O2 - BHO: (no name) - {E9385AF9-3A40-C66F-630F-406A76A213F3} - C:\WINDOWS\SYSTEM\yhfpuvze.dll
O2 - BHO: (no name) - {26989614-8B13-CB39-4F34-0E2D38D88873} - C:\WINDOWS\SYSTEM\czaggppf.dll
O2 - BHO: (no name) - {28762B39-2CD8-7005-5150-DABA9ADA2C24} - C:\WINDOWS\SYSTEM\ddahgjzs.dll
O2 - BHO: (no name) - {676335FA-89D2-97A1-A501-07F2A4A3B90A} - C:\WINDOWS\SYSTEM\mdckepbb.dll
O2 - BHO: (no name) - {679B5EA1-E78D-0926-50FE-AA729CB87686} - C:\WINDOWS\SYSTEM\gqoabory.dll
O2 - BHO: (no name) - {2BD4405E-4C20-1550-D3ED-A7487C5CCFD3} - C:\WINDOWS\SYSTEM\dgabyckg.dll
O2 - BHO: (no name) - {6D361C12-4962-7608-D5D4-919A44BE6016} - C:\WINDOWS\SYSTEM\hcgolupu.dll
O2 - BHO: (no name) - {B3FA9B06-1EDF-78E4-5CEE-0284B6646F2C} - C:\WINDOWS\SYSTEM\ssxbqdrw.dll
O2 - BHO: (no name) - {F5CCC809-5616-3FA5-3451-3455EDF17AE5} - C:\WINDOWS\SYSTEM\igsdoaql.dll
O2 - BHO: (no name) - {76AD6DA6-4BFD-8837-5E48-C450CC46EED5} - C:\WINDOWS\SYSTEM\izgwucyv.dll
O2 - BHO: (no name) - {B6A18684-E16D-2BAB-348E-AA9322D1565F} - C:\WINDOWS\SYSTEM\zjtntynf.dll
O2 - BHO: (no name) - {BA16D776-FF35-E547-E145-68AC5E6A5A3C} - C:\WINDOWS\SYSTEM\tdxphsxk.dll
O2 - BHO: (no name) - {FC678678-B7EA-AC08-3A27-1B7D14F66575} - C:\WINDOWS\SYSTEM\kzkzghoh.dll
O2 - BHO: (no name) - {BE7AFBB7-D8F1-856B-E5F6-EE450A2DD810} - C:\WINDOWS\SYSTEM\aqiozimz.dll
O2 - BHO: (no name) - {FD96908B-878E-FEED-3B36-C08446F7F68D} - C:\WINDOWS\SYSTEM\mmipvpjg.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Service Manager] C:\WINDOWS\SYSTEM\SERVICEMGR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/31057e25614bcc808f05/netzip/RdxIE.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)

benditup
« Reply #3 on: July 18, 2004, 05:04:33 PM »

Next round:
We should get most of it this time
Set windows to show hidden files
* Open My Computer.
    * Select the View menu and click Folder Options.
    * Select the View Tab.
    * In the Hidden files section select Show all files.
    * Click OK.

Navigate to this file, I suspect it to be a nasty
Just want to be sure
C:\WINDOWS\command\mslbxv.com <---this file

Right click on it----left click properties---version
What is it related to?
Please submit it to Kaspersky for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply navigate to it by clicking the "browse" button
Right click---select--- then "Submit"
I'll assume it is bad for now

RESTART your computer in Safe Mode

Find and delete these files
C:\WINDOWS\command\mslbxv.com <---this file if unknown or bad
c:\windows\cvchost.exe <---this file

While still in safe mode
Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CF6459E3-342C-22A0-5E9C-61A1B8A3752E} - C:\WINDOWS\SYSTEM\zojnbzlo.dll
O2 - BHO: (no name) - {903D90E4-AD32-42D8-A2A3-29D2F8F10A2D} - C:\WINDOWS\SYSTEM\ipxzaujp.dll
O2 - BHO: (no name) - {A2A329D2-F8F1-0A2D-646A-E9C15AE8490B} - C:\WINDOWS\SYSTEM\ahwrzjna.dll
O2 - BHO: (no name) - {BF45253D-6411-9A2A-237C-C92B559C3A90} - C:\WINDOWS\SYSTEM\fagopnee.dll
O2 - BHO: (no name) - {E9385AF9-3A40-C66F-630F-406A76A213F3} - C:\WINDOWS\SYSTEM\yhfpuvze.dll
O2 - BHO: (no name) - {26989614-8B13-CB39-4F34-0E2D38D88873} - C:\WINDOWS\SYSTEM\czaggppf.dll
O2 - BHO: (no name) - {28762B39-2CD8-7005-5150-DABA9ADA2C24} - C:\WINDOWS\SYSTEM\ddahgjzs.dll
O2 - BHO: (no name) - {676335FA-89D2-97A1-A501-07F2A4A3B90A} - C:\WINDOWS\SYSTEM\mdckepbb.dll
O2 - BHO: (no name) - {679B5EA1-E78D-0926-50FE-AA729CB87686} - C:\WINDOWS\SYSTEM\gqoabory.dll
O2 - BHO: (no name) - {2BD4405E-4C20-1550-D3ED-A7487C5CCFD3} - C:\WINDOWS\SYSTEM\dgabyckg.dll
O2 - BHO: (no name) - {6D361C12-4962-7608-D5D4-919A44BE6016} - C:\WINDOWS\SYSTEM\hcgolupu.dll
O2 - BHO: (no name) - {B3FA9B06-1EDF-78E4-5CEE-0284B6646F2C} - C:\WINDOWS\SYSTEM\ssxbqdrw.dll
O2 - BHO: (no name) - {F5CCC809-5616-3FA5-3451-3455EDF17AE5} - C:\WINDOWS\SYSTEM\igsdoaql.dll
O2 - BHO: (no name) - {76AD6DA6-4BFD-8837-5E48-C450CC46EED5} - C:\WINDOWS\SYSTEM\izgwucyv.dll
O2 - BHO: (no name) - {B6A18684-E16D-2BAB-348E-AA9322D1565F} - C:\WINDOWS\SYSTEM\zjtntynf.dll
O2 - BHO: (no name) - {BA16D776-FF35-E547-E145-68AC5E6A5A3C} - C:\WINDOWS\SYSTEM\tdxphsxk.dll
O2 - BHO: (no name) - {FC678678-B7EA-AC08-3A27-1B7D14F66575} - C:\WINDOWS\SYSTEM\kzkzghoh.dll
O2 - BHO: (no name) - {BE7AFBB7-D8F1-856B-E5F6-EE450A2DD810} - C:\WINDOWS\SYSTEM\aqiozimz.dll
O2 - BHO: (no name) - {FD96908B-878E-FEED-3B36-C08446F7F68D} - C:\WINDOWS\SYSTEM\mmipvpjg.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\SYSTEM\NDRV.DLL

O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com

O4 - HKCU\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - WWW. Prefix: http://

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/31057e25614bcc808f05/netzip/RdxIE.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)

Next: while still in safe mode run CWShredder again and let it FIX
all problems

RESTART your computer in Normal mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with a Fresh hijackthis log
eman_10021
« Reply #4 on: July 18, 2004, 05:56:09 PM »

Thanks again. Here is the latest hijack report:

Logfile of HijackThis v1.98.0
Scan saved at 1:51:45 PM, on 7/18/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WIN32APP\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\QUICKENW\QWDLLS.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Service Manager] C:\WINDOWS\SYSTEM\SERVICEMGR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)
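
A small triage script for logs like the ones in this thread, added here as an example; it is not code from the thread, from HijackThis, or from MyTechSupport.ca. It parses the Rn/On entry lines, flags the patterns a helper looks for first (IE start and search pages pointing at the hijacker domain, an extra executable appended to the system.ini Shell= line, unnamed BHOs behind randomly named DLLs, autorun entries in odd locations or with names that mimic system binaries, "(no file)" orphans, ActiveX downloads fetched from a raw IP address), and diffs an earlier log against a fresh one so that the "post back with a fresh log" step shows exactly what the cleanup removed and what is still outstanding. The heuristics, the 0.85 similarity threshold and the lookalike list are my assumptions; the two sample logs are constructed excerpts assembled from lines in the logs posted above, not complete copies of them.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")  # "O2 - BHO: ..."
RANDOM_DLL_RE = re.compile(r"\\[a-z]{8}\.dll$", re.IGNORECASE)        # e.g. zojnbzlo.dll
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/")
# Assumed list of system binaries that malware mimics with a one-letter change.
LOOKALIKE_TARGETS = ("svchost.exe", "explorer.exe", "rundll32.exe")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    def __str__(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> list[Entry]:
    """Keep the section-tagged lines; header and running-process lines are skipped."""
    found = [ENTRY_RE.match(line.strip()) for line in text.splitlines()]
    return [Entry(m.group("section"), m.group("body")) for m in found if m]


def _autorun_exe(body: str) -> str:
    """Best-effort basename of the program an O4 entry launches."""
    cmd = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
    first = cmd.strip().split(" ")[0]  # drop arguments such as /LOADQUIET
    return first.rsplit("\\", 1)[-1].lower()


def flag(entry: Entry, hijack_domains=("mypoiskovik.com",)) -> str | None:
    """Return why an entry looks suspicious, or None if it passes these heuristics."""
    s, body = entry.section, entry.body
    bl = body.lower()
    if s in ("R0", "R1") and any(d in bl for d in hijack_domains):
        return "IE start/search page points at the hijacker domain"
    if s == "F0" and bl.startswith("system.ini: shell="):
        # Shell= should be exactly Explorer.exe; anything appended also runs at logon.
        if body.split("=", 1)[1].strip().lower() != "explorer.exe":
            return "system.ini Shell= carries an extra executable"
    if s == "O2" and "(no name)" in bl and RANDOM_DLL_RE.search(body):
        return "unnamed BHO backed by a randomly named DLL"
    if s == "O4":
        if "\\command\\" in bl or bl.endswith(".com"):
            return "autorun launching from an odd location or extension"
        name = _autorun_exe(body)
        for legit in LOOKALIKE_TARGETS:
            if name != legit and SequenceMatcher(None, name, legit).ratio() >= 0.85:
                return f"autorun binary name resembles {legit}"
    if s in ("O9", "O18") and "(no file)" in bl:
        return "orphaned registry entry (file missing)"
    if s == "O16" and RAW_IP_URL_RE.search(body):
        return "ActiveX download from a raw IP address"
    return None


def triage(text: str) -> dict[str, str]:
    """Map each flagged entry (its original line) to the reason it was flagged."""
    return {str(e): r for e in parse_log(text) if (r := flag(e))}


def removed_between(before: str, after: str) -> list[str]:
    """Entries present in an earlier log that no longer appear in a later one."""
    later = {str(e) for e in parse_log(after)}
    return [str(e) for e in parse_log(before) if str(e) not in later]


# Constructed excerpts assembled from lines in the logs posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\Scandisk.exe
O2 - BHO: (no name) - {CF6459E3-342C-22A0-5E9C-61A1B8A3752E} - C:\WINDOWS\SYSTEM\zojnbzlo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.104/31057e25614bcc808f05/netzip/RdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.98.0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE).items():
        print(f"[!] {why}\n    {line}")
    print("\nGone after cleanup:", *removed_between(LOG_BEFORE, LOG_AFTER), sep="\n    ")
    print("\nStill flagged:", *triage(LOG_AFTER), sep="\n    ")
```

On the constructed pair above, the first log flags eight entries; the diff shows the two mypoiskovik.com R entries, the Shell= line, the random-DLL BHO, the cvchost autorun and the raw-IP ActiveX download gone, and the second log still flags the mslbxv.com autorun and the "(no file)" button, which is the same shortlist a helper would hand back for the next round. The Google Toolbar BHO and the Norton autorun pass untouched, which is the point of keeping the heuristics narrow: the script narrows what a human reviews, it does not decide what to delete.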

benditup
« Reply #5 on: July 18, 2004, 06:23:46 PM »

What did Kaspersky say about that file?
Can you run this one through it too, thanx
C:\WINDOWS\SYSTEM\SERVICEMGR.EXE <---this file

Find out what it's related to

Have hijackthis fix these entries and let me know about the above
O4 - HKLM\..\Run: [COM Service] C:\WINDOWS\command\mslbxv.com

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)
RESTART afterwards

This one is considered optional, but I would have hijackthis fix it
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

After restart delete the Limeshop folder
C:\Program Files\LimeShop <---this folder

Post back with a fresh hijackthis log, let me know how you're doing
eman_10021
« Reply #6 on: July 18, 2004, 06:39:17 PM »

1) It said mslbxv.com was a virus, as you suspected.

2) I can't find the servicemgr.exe file you want me to check.

benditup
« Reply #7 on: July 18, 2004, 06:55:00 PM »

Can you fix those entries I suggested before you posted back but
include this one too.
O4 - HKLM\..\Run: [Service Manager] C:\WINDOWS\SYSTEM\SERVICEMGR.EXE

RESTART and post back a fresh hijackthis log
eman_10021
« Reply #8 on: July 18, 2004, 07:34:08 PM »

Below is the revised hijack log. Also, when I reboot I get 2 messages that I neglected to mention before:

1) Computer can't find c:\windows\system\scandisk.exe
2) Win32 kernel core has received broadcast packet from remote machine. Should computer allow access? [I always say no]


Logfile of HijackThis v1.98.0
Scan saved at 3:27:49 PM, on 7/18/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WIN32APP\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)


eman_10021
« Reply #9 on: July 18, 2004, 08:07:53 PM »

Also, forgot to tell you that my home page no longer defaults to that annoying website that I assume was part of my virus.

benditup
« Reply #10 on: July 18, 2004, 09:16:33 PM »

I saw this entry in your first log,
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\Scandisk.exe
but not in your next... hmmmm
It may have been cleaned by Ad-Aware, allowing that error on startup.

Let's try this
With windows showing hidden files

Navigate to this directory
C:\WINDOWS\SYSTEM\Scandisk.exe <---this file if it exists

It's not in the right place; if it's there, can you send it to the recycle bin?

Post back, let me know how it's going
The prompt at startup regarding this (win32 kernel) is probably from Sygate firewall. Put a check in "always remember" next time you say no, and see if it disappears.
« Last Edit: July 18, 2004, 09:18:25 PM by benditup »

eman_10021
« Reply #11 on: July 19, 2004, 10:55:21 PM »

Thanks again... I think the problem has been solved, but just in case, here is HijackThis:

Logfile of HijackThis v1.98.0
Scan saved at 6:52:29 PM, on 7/19/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WIN32APP\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MOBSYNC.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [Winmodem] C:\WINDOWS\SYSTEM\WINMODEM.101\winmodem.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)


benditup
« Reply #12 on: July 19, 2004, 11:19:30 PM »

Looks good eman

You can have HijackThis fix this entry too:
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)

You should install these 2 apps; they add extra security, silently protecting you without running in the background.
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both---Check for updates every couple of weeks

READ THIS
How did I get Infected

Benditup
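The two log entries the replies above single out (the F0 system.ini Shell= line from Reply #10 and the orphaned O18 handler from Reply #12) can be checked mechanically, and the Restricted-zone trick IE-SPYAD relies on is just registry entries. The following Python is an added example for this thread; it is not code from the thread, from HijackThis, or from IE-SPYAD. The sample lines are constructed from the logs posted above and are only a fragment, the default trusted start-page host (www.yahoo.com) is an assumption for the example, and the domain list passed to restricted_zone_reg is a placeholder. The ZoneMap key path is the standard IE 6 per-user location, with 4 meaning the Restricted sites zone.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the HijackThis lines posted in this
# thread (the F0 line is the one benditup quoted from the first log).
# It is a fragment for demonstration, not a complete log.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/
F0 - system.ini: Shell=Explorer.exe C:\\WINDOWS\\SYSTEM\\Scandisk.exe
O4 - HKLM\\..\\Run: [SystemTray] SysTray.Exe
O4 - HKLM\\..\\Run: [Norton Auto-Protect] C:\\PROGRA~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - (no file)
"""

# Every HijackThis entry line starts with a section tag (R0, F0, O4, O18, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_hjt(text):
    """Yield (section, body) for each entry line; headers and process lists are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_shell(body):
    """F0: system.ini Shell= must be Explorer.exe alone. Anything appended is
    started at every boot next to the shell, which is how the Scandisk.exe
    entry in this thread was being launched."""
    m = re.search(r"Shell=(.+)$", body, re.IGNORECASE)
    if not m:
        return None
    tokens = m.group(1).split()
    if [t.lower() for t in tokens] == ["explorer.exe"]:
        return None
    return "Shell= is not plain Explorer.exe: " + " ".join(tokens)


def check_start_page(body, trusted_hosts):
    """R0/R1: flag a start page whose host is not on the caller's allowlist."""
    m = re.search(r"=\s*(\S+)$", body)
    if not m:
        return None
    host = (urlparse(m.group(1)).hostname or "").lower()
    if host in trusted_hosts:
        return None
    return "start page points at untrusted host: " + host


def check_no_file(body):
    """Any section: '(no file)' means the registered file is gone, so the
    entry is an orphan and safe to let HijackThis fix."""
    if "(no file)" in body:
        return "(no file): orphaned entry, safe to let HijackThis fix it"
    return None


def triage(text, trusted_hosts=frozenset({"www.yahoo.com"})):
    """Return [(section, finding)] for entries that deserve a second look.
    The default trusted host is an assumption made for this example."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "F0":
            msg = check_shell(body)
        elif section in ("R0", "R1") and "Start Page" in body:
            msg = check_start_page(body, trusted_hosts)
        else:
            msg = check_no_file(body)
        if msg:
            findings.append((section, msg))
    return findings


def restricted_zone_reg(domains):
    """Build .reg file text that puts each domain (and its subdomains) into
    IE's Restricted sites zone (zone 4), the mechanism IE-SPYAD uses.
    REGEDIT4 is the header Win9x regedit accepts."""
    lines = ["REGEDIT4", ""]
    for d in sorted(set(domains)):
        lines.append(
            r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\ZoneMap\Domains\%s]" % d
        )
        lines.append('"*"=dword:00000004')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(section, "->", finding)
    # Placeholder domain; a real run would take the list from a source like IE-SPYAD.
    print(restricted_zone_reg(["badsite.example"]))
```

Run against the constructed fragment, triage reports the F0 line (Shell= with Scandisk.exe appended) and the O18 flowto handler (no file), and stays quiet on the Norton, SysTray and pcpitstop entries, which is the same verdict benditup reached by hand. The generated .reg text can be imported with regedit; the check afterwards is that Internet Options, Security, Restricted sites lists the domain.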

eman_10021
« Reply #13 on: July 19, 2004, 11:28:27 PM »

will do ..and thanks again

benditup
« Reply #14 on: July 19, 2004, 11:40:18 PM »

I'll lock this topic then. If you need it reopened, PM a Mod and supply a link to this thread.
benditup