

HT log--help with hijack


Name: laurat
Date: December 11, 2003 at 13:42:36 Pacific
OS: win 98
CPU/Ram: yes
Comment:

I would very much appreciate help with this HT log. I have a popup that won't go away. I have run CW Shredder, Spyware Blaster, Spybot S&D, and AdAware. I ran them 24 hours ago, and popup just returned. I ran them all again, rebooted, and did a HT log just now. Thank you in advance,
laurat
Logfile of HijackThis v1.97.7
Scan saved at 1:38:03 PM, on 12/11/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\EFAX\DLLCMD32.exe
C:\PROGRAM FILES\WINTV\IR.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.exe
C:\PROGRAM FILES\COMMON FILES\EFAX\HOTTRAY.exe
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.exe
C:\SMARTDSK\FLASH\SDSTAT.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PALM\HOTSYNC.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\DESKTOP\LAURA\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.exe /autorun
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Startup: AutoStart IR.lnk = C:\Program Files\WinTV\ir.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Startup: FlashPath Status.lnk = C:\SMARTDSK\FLASH\SDSTAT.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Netnews (HKCU)
O12 - Plugin for .eid: C:\PROGRA~1\INTERN~1\PLUGINS\NPIPRT32.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {B534D8C5-72CE-11D3-80A2-0050DA1AB5D6} (Shutterfly.com Uploader Control) - http://web1.shutterfly.com/assets/downloads/Uploader.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C7ADE150-743D-11D4-8141-00E029626F6A} - http://207.99.21.221/al/kernell32.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.7697222222
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -


Response Number 1
Name: aosclay
Date: December 12, 2003 at 15:44:02 Pacific
Reply:

hey LAURAT,

RUNNING PROCESSES
1) I don't see anything really offensive in your running processes... however, these lines I wonder about:

This entry may be related to NetPal/Prize Popper. I say MIGHT:

'C:\WINDOWS\SYSTEM\KERNEL32.DLL'

don't know about this:

'C:\WINDOWS\SYSTEM\SPOOL32.EXE'
(I think this is a legitimate process in Win98, but I am not certain, as the process
'MS SPOOL32.EXE' is related to the ASSASSIN virus. Don't remove this unless somebody else can confirm that it's a threat.)

OTHER:

2) If you don't recognize this entry:
'O9 - Extra button: Netnews (HKCU)'
get rid of it.

3) this entry is NetPal/Prize Popper:
'O16 - DPF: {C7ADE150-743D-11D4-8141-00E029626F6A} - http://207.99.21.221/al/kernell32.cab'
FIX IT.

4) this entry is related to Edise Malware
'O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -'
FIX IT.

You have many entries in here that I am not familiar with. What's more important is that YOU are familiar with them (like the Ofoto and Shutterfly entries).

In addition, there may be removal tools that I am not familiar with for the problematic entries mentioned.

Run HijackThis and fix the specified entries, or search the forums for the named items.

Perhaps more info is already available.

GOOD LUCK!
AOSCLAY



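An added example, not part of laurat's post or aosclay's reply: a small Python triage script that applies, mechanically, the kind of check aosclay did by eye on the O16 (DPF / ActiveX download) lines of the log above. The sample lines are copied from the posted log. The rules it applies (control hosted on a bare IP address, empty download URL, no friendly name registered, CAB filename that mimics a system component such as kernel32) are my own heuristics for picking out entries that deserve a closer look; they are not anything HijackThis itself computes, and a hit is a reason to investigate, not proof of malware.

```python
import re
from urllib.parse import urlparse

# O16 lines copied from the HijackThis log posted above (subset).
SAMPLE_LOG = """\
O16 - DPF: {B534D8C5-72CE-11D3-80A2-0050DA1AB5D6} (Shutterfly.com Uploader Control) - http://web1.shutterfly.com/assets/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C7ADE150-743D-11D4-8141-00E029626F6A} - http://207.99.21.221/al/kernell32.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37964.7697222222
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
"""

# "O16 - DPF: {CLSID} (optional friendly name) - optional URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r" -\s*(?P<url>\S*)\s*$"
)
IP_HOST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumed heuristic list: system component names that no legitimate vendor
# ships as a downloadable ActiveX CAB. Compared after collapsing doubled
# letters, so 'kernell32' (as in the posted log) matches 'kernel32'.
SYSTEM_NAMES = {"kernel32", "user32", "ntdll", "svchost", "explorer"}


def collapse(s):
    """Collapse runs of the same letter: 'kernell32' -> 'kernel32'."""
    return re.sub(r"(.)\1+", r"\1", s.lower())


def parse_o16(line):
    """Return a dict for an O16 line, or None for any other HijackThis line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {"clsid": m["clsid"].upper(), "name": m["name"] or "", "url": m["url"]}


def flag_o16(entry):
    """Return the list of reasons an O16 entry deserves manual review."""
    reasons = []
    if not entry["url"]:
        reasons.append("no download URL (orphaned or deliberately hidden object)")
    else:
        host = urlparse(entry["url"]).hostname or ""
        if IP_HOST_RE.match(host):
            reasons.append(f"hosted on a bare IP address ({host})")
        fname = entry["url"].rsplit("/", 1)[-1].split("?", 1)[0].lower()
        stem = fname.rsplit(".", 1)[0]
        if collapse(stem) in {collapse(n) for n in SYSTEM_NAMES}:
            reasons.append(f"filename mimics a system component ({fname})")
    if not entry["name"]:
        reasons.append("no friendly name registered for the control")
    return reasons


def triage(log_text):
    """Map CLSID -> reasons for every O16 entry that trips at least one rule."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry is None:
            continue
        reasons = flag_o16(entry)
        if reasons:
            findings[entry["clsid"]] = reasons
    return findings


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid)
        for r in reasons:
            print("   -", r)
```

Run against the posted log this leaves the Shutterfly, Macromedia and Windows Update controls alone and flags exactly the two entries aosclay pointed at (the bare-IP `kernell32.cab` one on three counts, the URL-less `{f760cb9e-...}` one on two) plus the `PWMediaSendControl` control, which only trips the bare-IP rule and is the sort of hit the machine owner has to resolve from memory, as the reply says: whether you recognise the control matters more than what a list says.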
