Author Topic: Hijackthis log for an inst.exe problem  (Read 2331 times)
oryanyo
« on: October 12, 2004, 04:14:16 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows Me
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



I tried using previous replies concerning dialeradmin to remedy my problem, and the topic "Dialeradmin related problem, HJT log inside, Help" posted by Dorktron9000 was very useful but not enough.

I have AdAware, updated. I also use ZoneAlarm. Lately I've been getting DOS dialogue boxes with the name "inst" popping up that direct me to a dialeradmin page. "http://www.dialeradmin.com/cgi-bin/err4.cgi?prog=ldr&ver=4.000&code=9&info=&aid=124782&skid=sk001&langid=&winver=Win+9x+4.90;3000;6.0.2800.1106&ci=1-51", that says "There seems to be a problem preventing you from proceeding at this time. The error that occured was: Download error #9 Please try again later."

The inst.exe is in (C:) and there is another suspicious file called "124782.exe" with an icon of a woman's face. I deleted them, but after I restart the computer they are there again. There is also a folder "WebSiteViewer" in (C:Program Files/) that I can

 
Pancake
« Reply #1 on: October 12, 2004, 08:36:45 AM »

Hi
Close any browser windows and run hjt in safe mode and remove these items from your log. Any files and folders that have been highlighted will also need to be removed from your hard drive. Still in safe mode, run "SpyBot S&D" and fix all it finds. Please post a new log when finished.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = Borre esta entrada
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Borre esta entrada
O2 - BHO: (no name) - {9FDA8741-F681-BF38-B5E2-2333F58D217E} - Borre esta entrada (file missing)
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - Borre esta entrada (file missing)
O2 - BHO: flyqatun - {9FC87DFB-57C0-C7C2-3E0C-A94E2103E829} - C:\WINDOWS\SYSTEM\FLYQATUN.DLL (file missing)
O4 - HKLM\..\Run: [OELoader] C:\WINDOWS\Downloaded Program Files\OELoader.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/218abcbee7618708b605/netzip/RdxIE601_es.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {EAAB55CB-9D6E-457A-A10B-4AAEC8317CFC} -
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab



An Australian Member of

EDDY
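
A triage pass over HijackThis entries like the ones listed in the reply above, as an added example that is not part of the original post. The three heuristics are assumptions drawn from patterns visible in those entries and do not reproduce the helper's full judgement (the OELoader and RdxIE entries, for instance, are not caught); the sample lines are copied from this thread.

```python
import re

# "<section code> - <entry>", e.g. "O15 - Trusted Zone: *.example.com"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (optional name) - <codebase URL, possibly empty>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")

def triage(line):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []          # header, process path or blank line
    code, body = m.groups()
    reasons = []
    # Heuristic 1 (assumption): registry entry whose file no longer exists.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned")
    # Heuristic 2 (assumption): any site added to the IE Trusted Zone.
    if code == "O15":
        reasons.append("trusted-zone")
    # Heuristic 3 (assumption): ActiveX download whose codebase is a local
    # file or an ms-its: wrapper instead of a plain http(s) URL.
    if code == "O16":
        d = DPF.match(body)
        codebase = d.group(3).strip().lower() if d else ""
        if not codebase:
            reasons.append("empty-codebase")
        elif codebase.startswith(("ms-its:", "file://")):
            reasons.append("local-codebase")
    return reasons

def flagged(lines):
    """Pair each flagged line with its reasons, preserving log order."""
    return [(ln, r) for ln in lines if (r := triage(ln))]

# Sample entries copied from the logs posted in this thread.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com",
    r"O2 - BHO: flyqatun - {9FC87DFB-57C0-C7C2-3E0C-A94E2103E829} - C:\WINDOWS\SYSTEM\FLYQATUN.DLL (file missing)",
    r"O15 - Trusted Zone: *.searchmiracle.com",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/218abcbee7618708b605/netzip/RdxIE601_es.cab",
    r"O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe",
    r"O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab",
    r"O16 - DPF: {EAAB55CB-9D6E-457A-A10B-4AAEC8317CFC} -",
]

if __name__ == "__main__":
    for ln, why in flagged(SAMPLE):
        print(",".join(why), "|", ln)
```
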
oryanyo
« Reply #2 on: October 13, 2004, 05:58:59 AM »

Hi

Thank you for the support. I did just what you told me.
The Spybot S&D found 555 objects and fixed them all, but there was only one difference between the HJT log after I deleted what you told me and the HJT log after running the Spybot. Is that important?
These are the three processes that didn

 
Pancake
« Reply #3 on: October 13, 2004, 06:20:40 AM »

Your log is now ok. We will leave it as it is. There is nothing to harm you.
Yes, Immunize with Spybot and keep it updated. Also get "Adaware" and update and run it on a regular basis. "SpywareBlaster" is good as it will run all the time and help prevent spyware from being installed. Again, keep it updated.

An Australian Member of

EDDY
benditup
« Reply #4 on: October 14, 2004, 01:28:07 AM »

Hi oryanyo and Pancake, can you please have hijackthis fix these entries.
The "no file" entries to Corel Network look like leftovers, but they are related to a hijack, I just can't find the link right now that explains it Grin

O3 - Toolbar: (no name) - {265EAE8A-20B0-0B97-9ADC-36F6B725BF75} - Borre esta entrada (file missing)

O9 - Extra button: Corel Network monitor worker - {6004579A-BD5D-45A9-ADEF-415085F70516} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6004579A-BD5D-45A9-ADEF-415085F70516} - (no file)
O9 - Extra button: Corel Network monitor worker - {6004579A-BD5D-45A9-ADEF-415085F70516} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6004579A-BD5D-45A9-ADEF-415085F70516} - (no file) (HKCU)

O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll


RESTART your computer and post one more fresh log

 
oryanyo
« Reply #5 on: October 14, 2004, 02:37:41 AM »

Hi
Thanks for your help benditup.
Here is the new logfile:

Logfile of HijackThis v1.98.2
Scan saved at 23:33:28, on 13-10-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\ARCHIVOS DE PROGRAMA\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCAPP.EXE
C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\ARCHIVOS DE PROGRAMA\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\ARCHIVOS DE PROGRAMA\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://correo.uai.cl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://correo.uai.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://correo.uai.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://correo.uai.cl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://correo.uai.cl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://correo.uai.cl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://correo.uai.cl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V

 
lazkyr
« Reply #6 on: November 09, 2004, 10:42:59 AM »

I am having the same problem with inst.exe. I will follow the instructions to solve it, but for now I want to ask something about it. How dangerous is this program? Is this a trojan dialer? Can it redirect an active dialup connection to pay sites, or does it dial up connections when you don't want it?
Thanks in advance

 
Red Sox Rebel
« Reply #7 on: January 16, 2005, 06:57:18 PM »

The same thing is happening with me http://www.dialeradmin.com/cgi-bin/err4.cgi?prog=ldr&ver=4.000&code=2&info=0,2ee7&aid=125710&skid=&langid=&winver=Windows+NT+5.1;2600;6.0.2800.1106&ci=1-12 but it is error #2 and I'm not a whiz kid with computers so I need some help. It opens automatically and I can't play Half life 2 or Joint ops but I can play Call Of Duty, but it pops up every ten minutes or so and I really need some simple instructions, please help,
thanks

 
Cactus
« Reply #8 on: January 16, 2005, 07:26:26 PM »

Ok first START your own Thread .. here:
http://www.mytechsupport.ca/support/forum.asp?FORUM_ID=27



Then..Download Hijackthis
---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis to; also, backups will be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
in YOUR new Thread in the Security & Virus Forum... Don't try and fix anything yet----most entries are harmless and needed.

Cactus

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE