Can someone please help me with this? My comp has been running very slow lately and I keep deleting spyware, but here is my log file from HT, I need as much removed as possible. Thanks
Logfile of HijackThis v1.97.7
Scan saved at 4:40:34 PM, on 1/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Winamp\Winampa.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\r3proxy.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\windows\cdt_bbi8016.com
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\windows\winstart32.exe
C:\Documents and Settings\Shane Lutz\Application Data\crms.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AproposClient\Apropos.exe
C:\Documents and Settings\Shane Lutz\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\Adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {28B1A443-2058-4D18-B3EE-20D1E4A1A003} - C:\WINDOWS\system32\aqbleiw.dll
O2 - BHO: (no name) - {5920FC94-2D83-4977-80D5-70B18AF767BA} - C:\WINDOWS\system32\moz030715s.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {A69C51BB-61CC-46ED-B03E-884AC542C170} - C:\WINDOWS\System32\dplajy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\System32\r3proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cdt_bbi8016] C:\windows\cdt_bbi8016.com
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Winstart] C:\windows\winstart32.exe
O4 - HKCU\..\Run: [Dits] C:\Documents and Settings\Shane Lutz\Application Data\crms.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\Shane Lutz\Local Settings\Temp\ins4.tmp\dlgli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37741.0373032407
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://traffichog.com/toolbar/bmeb.cab

Share a file, share a virus.
Put a checkmark next to these, and have hijackthis fix them.
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {28B1A443-2058-4D18-B3EE-20D1E4A1A003} - C:\WINDOWS\system32\aqbleiw.dll
O2 - BHO: (no name) - {5920FC94-2D83-4977-80D5-70B18AF767BA} - C:\WINDOWS\system32\moz030715s.dll
O2 - BHO: (no name) - {A69C51BB-61CC-46ED-B03E-884AC542C170} - C:\WINDOWS\System32\dplajy.dll
O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - (no file)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [cdt_bbi8016] C:\windows\cdt_bbi8016.com
O4 - HKCU\..\Run: [Winstart] C:\windows\winstart32.exe
http://www.symantec.com/avcenter/venc/data/w32.hllw.purol.html
O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
http://www.kephyr.com/spywarescanner/library/coderdialer/index.phtml
Reboot and remove this folder: AproposClient
Uninstall Coder Dialer from "Add/Remove Programs" in the Windows® Control Panel
Do an online scan, remove what it finds.
http://www.ravantivirus.com/scan/
Good luck
abnormal

Alright, after reading this, I'm hoping someone can help me. I know absolutely nothing about computers. I wasn't interested in being computer savvy until a week ago when I received a phone bill from AT&T charging me close to $100 for a 2 minute call to "gui-bissau". After some investigation, I was informed that this is due to a porn pop-up and I could get rid of it by using hijacker.exe. Needless to say, I was grateful for the advice....until I looked at the hijackthis.exe log... *Insert look of massive confusion* Anyway, back to my original question: could anyone tell me what I should delete?
Logfile of HijackThis v1.97.7
Scan saved at 7:57:53 PM, on 1/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\OFFICE51\SOINTGR.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\LAUNCHER.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\MSHTA.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\PROGRAM FILES\INSTANT MESSENGER\AIM.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\MINDSPRING 4.0\MID4.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\DOWNLOAD\HOLYPICKLE22\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jetseeker.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jetseeker.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.mindspring.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MindSpring Internet Services
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://193.125.201.50
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50024
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\PROGRAM FILES\COMMON FILES\OE\SEARCH.DLL
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O1 - Hosts: 193.125.201.50 sitefinder.verisign.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\CNBABE.DLL (file missing)
O2 - BHO: (no name) - {C0F13D5A-DD66-C419-F9E8-4FC9638AD5F4} - C:\windows\system\kppbugfs.dll
O2 - BHO: (no name) - {B5A3A82A-525E-E259-2891-C37EC2EA99A2} - C:\windows\system\grxudzmk.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\SYSTEM\SSURF022.DLL
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\WINDOWS\ALL USERS\APPLICATION DATA\X0FF\X0FF.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.exe /l
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.exe -startgui
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [mjfhbkcp] C:\WINDOWS\wmgbligq.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\SYSTEM\SSUpdate.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\INSTANT MESSENGER\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
O4 - HKCU\..\Run: [SPYKILLER] C:\PROGRAM FILES\SPYWARE KILLER\SPYWAREKILLER.exe /BOOT
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: MindSpring (HKCU)
O11 - Options group: [CommonName] CommonName
O14 - IERESET.INF: START_PAGE_URL=http://start.mindspring.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://communities.msn.com/scr/MsnPUpld.cab
O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37699.7710763889
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O19 - User stylesheet: c:\windows\my.css
This is a shared computer, so I don't know what's what, what DOES what, and who downloaded what... Could someone help me, please? lol.

Hi Bekka, you have a mess there.
Let's do this in steps.
Run Ad-Aware and cwshredder,
Download Ad-Aware and update it.
http://www.lavasoftusa.com/support/download/
From lavasoft faqs.
Use the Custom Scan with Memory and Both registry scans ON for your first scan.
I keep it at that setting.
Also.... make sure that you activate IN-DEPTH scanning before you proceed.
Actually you should always use IN-DEPTH scanning whichever mode you choose.
This will be made a default setting in Ad-aware 6.2 when released.
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Next...
Run Ad-aware 6
fix everything it finds.
Run cwshredder also, click fix and let it do its job.
cwshredder.zip
cwshredder.exe
Post a new log after you do this.
abnormal

By the way, this is your dialer.
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
http://securityresponse.symantec.com/avcenter/venc/data/dialer.haldex.html

Alright, it took a while, but here's the new log
Logfile of HijackThis v1.97.7
Scan saved at 12:05:52 AM, on 1/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\OFFICE51\SOINTGR.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\LAUNCHER.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\PROGRAM FILES\INSTANT MESSENGER\AIM.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.exe
C:\DOWNLOAD\HOLYPICKLE22\HIJACKTHIS.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.mindspring.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MindSpring Internet Services
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50024
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C0F13D5A-DD66-C419-F9E8-4FC9638AD5F4} - C:\windows\system\kppbugfs.dll
O2 - BHO: (no name) - {B5A3A82A-525E-E259-2891-C37EC2EA99A2} - C:\windows\system\grxudzmk.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\WINDOWS\ALL USERS\APPLICATION DATA\X0FF\X0FF.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.exe /l
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.exe -startgui
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [mjfhbkcp] C:\WINDOWS\wmgbligq.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\INSTANT MESSENGER\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
O4 - HKCU\..\Run: [SPYKILLER] C:\PROGRAM FILES\SPYWARE KILLER\SPYWAREKILLER.exe /BOOT
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.exe" "+b1"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MindSpring (HKCU)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.mindspring.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://communities.msn.com/scr/MsnPUpld.cab
O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37699.7710763889
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

Hi Bekka, put a checkmark next to these and reboot.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50024
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C0F13D5A-DD66-C419-F9E8-4FC9638AD5F4} - C:\windows\system\kppbugfs.dll
O2 - BHO: (no name) - {B5A3A82A-525E-E259-2891-C37EC2EA99A2} - C:\windows\system\grxudzmk.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\WINDOWS\ALL USERS\APPLICATION DATA\X0FF\X0FF.DLL
O4 - HKLM\..\Run: [mjfhbkcp] C:\WINDOWS\wmgbligq.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
O4 - HKCU\..\Run: [SPYKILLER] C:\PROGRAM FILES\SPYWARE KILLER\SPYWAREKILLER.exe /BOOT
I may have missed something, but Ad-Aware cleaned a lot.
I don't trust that spywarekiller, not sure if that's the bad one or fake.
Some killers give you spyware, check the link under my name for prevention tips.
Good luck
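
As an added example (not part of the thread and not HijackThis's own code): a Python script that parses the entry lines of two HijackThis logs and diffs them, to confirm what a cleanup pass removed and which entries are still present for manual review. The sample logs are short excerpts of the two Windows 98 SE logs posted above; the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Meaning of the section codes that appear in the logs on this page.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O1": "Hosts file redirection",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button / Tools item", "O12": "IE plugin",
    "O16": "Downloaded ActiveX control (DPF)",
}

# An entry line is "<code> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Excerpt of the first Windows 98 SE log in the thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O2 - BHO: (no name) - {C0F13D5A-DD66-C419-F9E8-4FC9638AD5F4} - C:\windows\system\kppbugfs.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
"""

# Excerpt of the second log, posted after Ad-Aware and cwshredder were run.
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.exe
O2 - BHO: (no name) - {C0F13D5A-DD66-C419-F9E8-4FC9638AD5F4} - C:\windows\system\kppbugfs.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\4600981.exe -remove
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.exe" "+b1"
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
"""

def parse_entries(log_text):
    """Return (code, detail) for every entry line, skipping everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries

def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare
    # entries lower-cased and with runs of whitespace collapsed.
    code, detail = entry
    return code, re.sub(r"\s+", " ", detail).lower()

def diff_logs(before_text, after_text):
    """Split entries into removed, still present, and newly appeared."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    removed = [before[k] for k in before if k not in after]
    remaining = [after[k] for k in after if k in before]
    added = [after[k] for k in after if k not in before]
    return removed, remaining, added

def summarize(entries):
    """Count entries per section code."""
    return dict(Counter(code for code, _ in entries))

if __name__ == "__main__":
    removed, remaining, added = diff_logs(BEFORE, AFTER)
    for title, group in (("Removed", removed), ("Still present", remaining), ("New", added)):
        print(f"{title}:")
        for code, detail in group:
            print(f"  [{code}: {SECTIONS.get(code, 'other')}] {detail}")
```

"Still present" is a review list, not a verdict: it contains legitimate entries such as the AVG autostart alongside the ones the reply above marks for fixing.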

You're welcome, if you have any more problems,
post in the Security and Spyware forum.
Take care, because we care.
abnormal

I'm having similar issues with one of my systems...Problems with Tonex00052 attached to my desktop, and my Internet Explorer seems to have been hijacked by a phony search engine...I've tried using several different antivirus programs, but to no avail...I'm not even sure if it in fact is a virus, sounds more like Spyware I guess...Can anyone help me to get rid of this and to prevent it in the future?...Thanks!
