#1
Ie not working (Hijack Log inside)
Can you guys check this log for a friend of mine
Logfile of HijackThis v1.97.7
Scan saved at 4:07:26 PM, on 3/31/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\PROGRAM FILES\ISO LONG SEEK\BIBSHIMPLAN.EXE
C:\SYS_AI_CLIENT_LOADER.EXE
C:\PROGRAM FILES\PRECPOP2\PRECPOP2.EXE
C:\WINDOWS\WAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\MY DOCUMENTS\DOWNLOAD\CRAZEDDEPPFAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = metrocom
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Team Thunk Global - {BCA79C61-E08C-C7CA-4F2E-5BE2D55306D8} - C:\PROGRAM FILES\PLUS BYTE\README32.DLL
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\ADROAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [precpop2] "C:\Program Files\Precpop2\starter.exe"
O4 - HKLM\..\Run: [Messplatform] C:\PROGRA~1\iso long seek\Bibshimplan.exe
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
O4 - HKLM\..\Run: [AutoLoadermsvcp60] "C:\SYS_AI_CLIENT_LOADER.EXE"
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O11 - Options group: [TB] Toolbar
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/IAicm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/payload2.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
#2
Hi Enat - Firstly, download, unzip and run LSPFix.exe from here and remove inetadpt.dll from the winsock layers. In order to do this, click the "I know what I'm doing" checkbox and check all instances of inetadpt.dll (and nothing else). Then move all checked files to the "Remove" pane and click Finish and reboot.
There is a load of junk in that log. Ad-Aware should get rid of a lot of it.

Download the latest version of Ad-Aware from here (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).

After installing AAW, and before running the program, you must FIRST update the reference file following these instructions (and you must always do this before you run the program at any later date).

Now do the following:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
Check: "Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives. It will find a number of spyware files and registry keys. Right-click in that pane and choose "select all". Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot. Run Hijack This again and post back a new log.
#3
Alright thanks, I had her run spybot before the log but I didn't have her update it. I'll tell her to do that stuff and then I'll get back to you, thanks
#4
You are welcome enat but try Ad-Aware instead of Spybot this time.
#5
Sorry it took so long AM
She also mentioned something about ad-aware said it couldn't remove: c:windows/system/msg121.dll and she said that something gives her an error about that at startup. She said that IE still doesn't work but that it takes a lot less time to start up her computer...looks like we are on the right track.

Logfile of HijackThis v1.97.7
Scan saved at 10:27:47 PM, on 4/14/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\MY DOCUMENTS\DOWNLOAD\CRAZEDDEPPFAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = metrocom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O11 - Options group: [TB] Toolbar
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF:
#6
Hi enat - Close IE and all open windows and run Hijack This again. Check the below entries and click on Fix Checked.
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O11 - Options group: [TB] Toolbar

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts), make sure that you can view hidden files and folders and run a search for and delete the below folders/files in bold.

C:\WINDOWS\mwsvm.exe
C:\WINDOWS\frsk.exe

Reboot again.

Now when you say IE doesn't work, I cannot say that I am surprised. I have just realised that your friend is running Internet Explorer 4.01

When you have done this, post back a new log and let us know if she still cannot connect.

Removing msg121.dll requires special handling. Will you be there to help her?
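
A way to see what a cleanup pass removed between two HijackThis scans, as compared by hand in this thread (added example, not part of the original posts). The function names are hypothetical and the sample lines are a short excerpt of the two logs posted above.

```python
import re
from collections import Counter

# A HijackThis entry line starts with a section code such as R1, O4 or O10.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Count (code, detail) entries; header and process lines are skipped."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2).strip())] += 1
    return entries

def compare_logs(before_text, after_text):
    """Split entries into removed, remaining and newly added between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "remaining": sorted(k for k in after if k in before),
        "added": sorted(k for k in after if k not in before),
    }

# Excerpt of the first log in the thread (3/31/04).
BEFORE = r"""Running processes:
C:\WINDOWS\MWSVM.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O11 - Options group: [TB] Toolbar
"""

# Excerpt of the second log in the thread (4/14/04).
AFTER = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O11 - Options group: [TB] Toolbar
"""

if __name__ == "__main__":
    result = compare_logs(BEFORE, AFTER)
    for label in ("removed", "remaining", "added"):
        print(label.upper())
        for code, detail in result[label]:
            print(f"  {code} - {detail}")
```

Entries listed as remaining still need a human decision: the comparison only shows what changed, not which entries are legitimate.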
#7
Alright thanks, I'll have her do the things when I get a chance. I also just realised she was running 4.01, I'll burn IE to a disk for her and have her install it. I don't know if I can be there to help her remove msg121.dll. She's a new friend of mine and I don't know her all that well yet.
Thanks once again
#8
No problem enat. If she can get online after installing IE6, tell her to go here and download and run Killbox (not the beta).
Unzip to a new folder and double-click on KillBox.exe to run the program.

Check all three Options:
Create a backup before deleting file.
Create a Killbox Session Log.
Enable msg121.dll option.

Next, go to "Find" and select "Find msg[].dll". When the list appears, click on "File" > "Create Log" and copy and paste it back in this thread.

Do not make any changes without advice. To do so could cripple her OS.
#9
Thanks again AM, but there is another problem, I asked her to tell me how much space is on her harddrive. There is like a hundred megabytes left in the C and only 600megs in the D drive. I'll assume the windows files are on the C drive. Is there a way to install IE so it's on the D drive when the windows files are on the C? I typed out instructions for her to remove the mwsvm.exe & frsk.exe, hopefully that will help her get online without having to upgrade to 6.0. If I were there, I'd give her my 8gig harddrive, but there's not a chance she could install it on her own.
#10
Hi enat, she is going to have to clean up her C drive. I don't know what size her drive is but 100MB's of free space only is asking for trouble if she runs Defrag.
Has she run Disk Cleanup? If not tell her to do so and uninstall any unused programs. If she has saved large music files, they can be stored on her D drive.