Computer Cops
Doing Battle With Hijackers and Searchbars: HJT Log

Computer Cops Forum Index -> Hijackthis - Spyware, Viruses, Worms, Trojans Oh My!

Guzzijeep (Cadet)
Joined: Jun 02, 2004
Posts: 3
Location: USA
Posted: Fri Jun 04, 2004 3:00 pm    Post subject: Doing Battle With Hijackers and Searchbars: HJT Log

I have been doing battle with various hijackers and recently got a searchbar entity on the bottom of the screen, along with a hijack. I am using Windows 95.

I ran CWShredder, Ad-Aware and Spybot S&D. I got rid of the hijack and the toolbar, I think, but now I cannot access the internet using IE. I still get email, and can do things such as mIRC chat. I just can't view any sites. Also, I cannot change my settings, as I get an error message.

I need a plan of attack and your help. I ran HijackThis and here are the results. Enjoy, and thanks in advance!!!
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\HP ONE-TOUCH KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\MEDIASCAPE\HP ONE-TOUCH KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi....yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F1 - win.ini: load=C:\HP\REGISTER\remind.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BillMinder] C:\QWSE\BILLMIND.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\PROGRA~1\MEDIAS~1\HPONE-~1\KEYBDMGR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [NomdCheck] C:\RealTime\Setup\naudiort\None\nomdchek.exe
O4 - HKLM\..\Run: [SystemWizard Sniffer] C:\Program Files\Common Files\SystemSoft\sniffer.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [5lsk5imli0] C:\WINDOWS\MN45E3OU35.EXE
O4 - HKLM\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Fgpho9w.exe] C:\WINDOWS\TEMP\FGPHO9W.EXE
O4 - HKLM\..\Run: [Eubdar.exe] C:\WINDOWS\TEMP\EUBDAR.EXE
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\system.exe
O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\KKNMELLJ.EXE
O4 - HKCU\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: ScanDisk.lnk = C:\WINDOWS\SCANDSKW.EXE
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003...scan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c...pi_416.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
Mosaic1 (Site Moderator)
Joined: Jan 15, 2004
Posts: 4758
Location: USA
Posted: Sat Jun 05, 2004 2:08 am


Quote:
Also, I cannot change my settings as I get an error message


Which settings, and what are the errors? Exact wording, please.

If you have IE 5 or above, see if an IE repair helps. Go to Control Panel > Add/Remove Programs. Find the Internet Explorer entry and click Remove. Three options will appear. Choose Repair. See if that gets you back.
-----------------

If you still can't, and have installed the Winsock2 Update, you can use LSPFix to try and regain internet access.
http://www.cexx.org/lspfix.zip

Run it and press the finish button to do the repair.
-------------------

If you get on the internet then Go for free online Virus scans here:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Allow them to clean.
----------------
Looking at your log you have some problems.

Select these items and press fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [5lsk5imli0] C:\WINDOWS\MN45E3OU35.EXE
O4 - HKLM\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKLM\..\Run: [Fgpho9w.exe] C:\WINDOWS\TEMP\FGPHO9W.EXE
O4 - HKLM\..\Run: [Eubdar.exe] C:\WINDOWS\TEMP\EUBDAR.EXE
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\system.exe
O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\KKNMELLJ.EXE
O4 - HKCU\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
Restart the computer.

Delete these files if they still exist:

C:\WINDOWS\MN45E3OU35.EXE
C:\WINDOWS\system32\winsysrun.vbe
C:\WINDOWS\TEMP\FGPHO9W.EXE
C:\WINDOWS\TEMP\EUBDAR.EXE
C:\WINDOWS\SYSTEM\SR64\KKNMELLJ.EXE
C:\WINDOWS\system32\winsysrun.vbe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe
C:\WINDOWS\SYSTEM\DP-HIM.EXE

Go to C:\windows\temp
Select all files and delete.

---------------

I have to tell you that Windows 95 and the Internet Explorer version it supports are very insecure.

If you can, you do need to get a newer version of Windows.
As it stands now you are at risk for any number of problems.

I also see you are running both McAfee and AVG.
Two AVs can cause problems and conflicts. Run only one AV at a time.
I don't see a firewall.
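
Mosaic1's reply above picks the bad entries out of the log by eye. The script below is an added example written for this thread, not code from the thread or from HijackThis: it parses R0/R3/O4/O16 lines, applies the patterns behind the moderator's selections as explicit rules (executables in TEMP, a system32 path or .vbe script on a Windows 9x box, unknown binaries sitting directly in C:\WINDOWS, machine-looking names with several digit runs, an ms-its/mhtml DPF object, a missing URLSearchHook), and then turns the flagged O4 entries into the deduplicated "delete these if they still exist" list the moderator wrote by hand. The WIN9X flag, the ROOT_ALLOW allowlist and the rule names are assumptions of this example; the sample lines are a subset copied from the first log posted above. It is a triage aid, not a detector: DP-HIM.EXE, KKNMELLJ.EXE and the optional Office shortcuts the moderator also ticked are not caught by these heuristics and still need a known-good list or a human.

```python
"""Rule-based triage of HijackThis-style log lines (added example, not HijackThis code).
Heuristics derived from the entries the moderator selected above; not a malware detector."""
import re
from typing import List, Tuple

WIN9X = True  # assumption: Windows 9x keeps system files in \WINDOWS\SYSTEM and has no system32
# Constructed allowlist of binaries that legitimately sit directly in C:\WINDOWS on 9x.
ROOT_ALLOW = {"explorer.exe", "scandskw.exe", "rundll32.exe", "rundll.exe", "notepad.exe",
              "regedit.exe", "taskman.exe", "winfile.exe"}
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta")

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<cmd>.*)$")
R0_LOCAL_RE = re.compile(r"^R0 - .*Local Page = ?(?P<value>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>.*)$")

def digit_runs(s: str) -> int:
    """Separate runs of digits: MN45E3OU35 has three, Vshwin32 has one."""
    return len(re.findall(r"[0-9]+", s))

def command_path(cmd: str) -> str:
    """Executable part of an O4 value; paths in these logs are unquoted, so only drop /switches."""
    return re.split(r"\s+/", cmd.strip(), maxsplit=1)[0]

def check_o4(name: str, cmd: str) -> List[str]:
    """Reasons a Run/Startup entry deserves a look; empty list when no rule applies."""
    reasons: List[str] = []
    low = command_path(cmd).lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    if "\\temp\\" in low:
        reasons.append("runs from a TEMP directory")
    if WIN9X and "\\system32\\" in low:
        reasons.append("system32 path on a Windows 9x machine")
    if base.endswith(SCRIPT_EXT):
        reasons.append("script file registered as a startup item")
    if re.fullmatch(r"c:\\windows\\[^\\]+", low) and base not in ROOT_ALLOW:
        reasons.append("executable directly in C:\\WINDOWS, not on the allowlist")
    if digit_runs(stem) >= 2 or digit_runs(name) >= 2:
        reasons.append("machine-generated looking name")
    return reasons

def check_o16(url: str) -> List[str]:
    reasons: List[str] = []
    if re.search(r"\b(?:ms-its|mhtml):", url, re.IGNORECASE):
        reasons.append("DPF object loaded through an ms-its/mhtml URL")
    if re.search(r"://\d{1,3}(?:\.\d{1,3}){3}", url):
        reasons.append("DPF object fetched from a bare IP address")
    return reasons

def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every line that at least one rule matched."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in lines:
        line = raw.strip()
        reasons: List[str] = []
        if line.startswith("R3 - Default URLSearchHook is missing"):
            reasons = ["default URLSearchHook missing"]
        elif (m := R0_LOCAL_RE.match(line)):
            v = m.group("value").strip().lower()
            if not v:
                reasons = ["Local Page is empty"]
            elif WIN9X and "\\system32\\" in v:
                reasons = ["Local Page points into system32 on a Windows 9x machine"]
        elif (m := O4_RE.match(line)) or (m := O4_STARTUP_RE.match(line)):
            reasons = check_o4(m.group("name"), m.group("cmd"))
        elif (m := O16_RE.match(line)):
            reasons = check_o16(m.group("url"))
        if reasons:
            flagged.append((line, reasons))
    return flagged

def cleanup_targets(flagged: List[Tuple[str, List[str]]]) -> List[str]:
    """Files to look for after the reboot, deduplicated (winsysrun.vbe is registered twice above)."""
    seen, targets = set(), []
    for line, _ in flagged:
        m = O4_RE.match(line) or O4_STARTUP_RE.match(line)
        path = command_path(m.group("cmd")) if m else ""
        if "\\" in path and path.lower() not in seen:
            seen.add(path.lower())
            targets.append(path)
    return targets

# Subset of the first log posted in this thread, used as the demo input.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan\VSHWIN32.EXE",
    r"O4 - HKLM\..\Run: [5lsk5imli0] C:\WINDOWS\MN45E3OU35.EXE",
    r"O4 - HKLM\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe",
    r"O4 - HKLM\..\Run: [Fgpho9w.exe] C:\WINDOWS\TEMP\FGPHO9W.EXE",
    r"O4 - HKCU\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe",
    r"O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe",
    r"O4 - Startup: ScanDisk.lnk = C:\WINDOWS\SCANDSKW.EXE",
    r"O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003...scan53.cab",
    r"O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line, reasons in hits:
        print(line, "\n    ->", "; ".join(reasons))
    print("Check after reboot:", *cleanup_targets(hits), sep="\n  ")
```

Run as a script it lists each flagged line with the rule that tripped and then the deduplicated file list. The legitimate entries in the sample (McAfee, the HouseCall scanner control, the ScanDisk shortcut in C:\WINDOWS) come through clean, which is the point of keeping an explicit allowlist rather than flagging everything in the Windows directory.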
Guzzijeep (Cadet)
Joined: Jun 02, 2004
Posts: 3
Location: USA
Posted: Wed Jun 09, 2004 2:01 pm

Thank you for your prompt initial reply. Let's start with the error: when I go to START > SETTINGS > CONTROL PANEL, this opens up fine. If I click on anything in the Control Panel, that is when this error message occurs.

C:\WINDOWS\rundll32.exe is not a valid WIN32 application

So, as you can see, I cannot get to Add/Remove Programs because of this error.

I did not have a chance to shut down McAfee AV. Do I just right click on it and turn it off, or does the program need to be removed to prevent conflicts?

As far as an updated OS, I would like to go to at least Windows 98, if not newer. What info about my computer do I need to decide what I am able to upgrade to without problems?

Thanks again for your help. And now, without further ado.

The new log looks like this:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\hp\register\REMIND.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIASCAPE\HP ONE-TOUCH KEYBOARD\KEYBDMGR.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEMSOFT\SNIFFER.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.EXE
C:\PROGRAM FILES\MEDIASCAPE\HP ONE-TOUCH KEYBOARD\MMKEYBD.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi....yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F1 - win.ini: load=C:\HP\REGISTER\remind.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BillMinder] C:\QWSE\BILLMIND.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\PROGRA~1\MEDIAS~1\HPONE-~1\KEYBDMGR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [NomdCheck] C:\RealTime\Setup\naudiort\None\nomdchek.exe
O4 - HKLM\..\Run: [SystemWizard Sniffer] C:\Program Files\Common Files\SystemSoft\sniffer.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: MSN Quick View.lnk = C:\Program Files\ONMSN\MSNDC.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: ScanDisk.lnk = C:\WINDOWS\SCANDSKW.EXE
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003...scan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c...pi_416.dll
Guzzijeep (Cadet)
Joined: Jun 02, 2004
Posts: 3
Location: USA
Posted: Mon Jun 14, 2004 9:48 am

BTTT
Mosaic1 (Site Moderator)
Joined: Jan 15, 2004
Posts: 4758
Location: USA
Posted: Mon Jun 14, 2004 11:40 am

You need a new copy of rundll32.exe.

Do you have your install CD? Or the cabs on the hard drive?
In the meantime, to open Add/Remove Programs, try this:

Go to Start>Run
Copy and paste in this command and then press enter:
control.exe appwiz.cpl

MS has Minimum Requirements for each OS on their website. Here's the page for 98. I can tell you those are really not enough. The RAM should really be 64 MB.

http://support.microsoft.com/default.aspx?scid=182751
All times are GMT - 5 Hours

Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops