#1 enat66, March 31st, 2004, 11:16 PM
IE not working (Hijack Log inside)

Can you guys check this log for a friend of mine? Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 4:07:26 PM, on 3/31/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\PROGRAM FILES\ISO LONG SEEK\BIBSHIMPLAN.EXE
C:\SYS_AI_CLIENT_LOADER.EXE
C:\PROGRAM FILES\PRECPOP2\PRECPOP2.EXE
C:\WINDOWS\WAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\MY DOCUMENTS\DOWNLOAD\CRAZEDDEPPFAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/index.html?http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = metrocom
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Team Thunk Global - {BCA79C61-E08C-C7CA-4F2E-5BE2D55306D8} - C:\PROGRAM FILES\PLUS BYTE\README32.DLL
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\ADROAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [precpop2] "C:\Program Files\Precpop2\starter.exe"
O4 - HKLM\..\Run: [Messplatform] C:\PROGRA~1\iso long seek\Bibshimplan.exe
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
O4 - HKLM\..\Run: [AutoLoadermsvcp60] "C:\SYS_AI_CLIENT_LOADER.EXE"
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O11 - Options group: [TB] Toolbar
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/IAicm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_40/QDow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/payload2.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

#2 AnnMarie, March 31st, 2004, 11:21 PM
Hi Enat - Firstly, download, unzip and run LSPFix.exe from here and remove inetadpt.dll from the winsock layers. In order to do this, click the "I know what I'm doing" checkbox and check all instances of inetadpt.dll (and nothing else). Then move all checked files to the "Remove" pane and click Finish and reboot.

There is a load of junk in that log. Ad-Aware should get rid of a lot of it. Download the latest version of Ad-Aware from here (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).


After installing AAW, and before running the program, you must FIRST update the reference file following these instructions (and you must always do this before you run the program at any later date).


Now do the following:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
Check: "Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives. It will find a number of spyware files and registry keys. Right-click in that pane and choose "select all".

Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.

Run Hijack This again and post back a new log.

#3 enat66, March 31st, 2004, 11:26 PM
Alright thanks, I had her run Spybot before the log but I didn't have her update it. I'll tell her to do that stuff and then I'll get back to you, thanks.

#4 AnnMarie, March 31st, 2004, 11:30 PM
You are welcome enat but try Ad-Aware instead of Spybot this time.

#5 enat66, April 15th, 2004, 04:38 AM
Sorry it took so long, AM. Thanks.

She also mentioned that Ad-Aware said it couldn't remove c:windows/system/msg121.dll, and she said that something gives her an error about that at startup.

She said that IE still doesn't work but that it takes a lot less time to start up her computer...looks like we are on the right track.

Logfile of HijackThis v1.97.7
Scan saved at 10:27:47 PM, on 4/14/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\MY DOCUMENTS\DOWNLOAD\CRAZEDDEPPFAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = metrocom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O11 - Options group: [TB] Toolbar
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF:

#6 AnnMarie, April 15th, 2004, 10:14 AM
Hi enat - Close IE and all open windows and run Hijack This again. Check the below entries and click on Fix Checked.


O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe

O11 - Options group: [TB] Toolbar

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts), make sure that you can view hidden files and folders and run a search for and delete the below folders/files in bold.

C:\WINDOWS\mwsvm.exe
C:\WINDOWS\frsk.exe

Reboot again.

Now when you say IE doesn't work, I cannot say that I am surprised. I have just realised that your friend is running Internet Explorer 4.01 (the internal name is v4.72). Enat, can you please burn IE 6 to a CD for her and install it. You can download it from here (ie60.exe). Once you have done this, take a trip to Windows Updates and install all critical updates.

When you have done this, post back a new log and let us know if she still cannot connect. Removing msg121.dll requires special handling. Will you be there to help her?
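
An added example, not part of any post in this thread: a small Python parser that rejoins the line-wrapped HijackThis entries as they appear in the pasted logs and diffs two scans, showing what a cleanup pass removed and what is still present. The sample logs are excerpts constructed from the two logs above, and the function names are this example's own.

```python
import re

# An entry starts with a HijackThis section code (R0, O4, O16, ...) then " -".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) -(?: |$)")

def parse_entries(log_text):
    """Return (section, text) tuples, rejoining entries the paste wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), line[m.end():].strip()])
        elif line and entries:
            # Not a new entry: continuation of the previous wrapped line.
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [(section, text) for section, text in entries]

def entry_key(entry):
    """Case- and whitespace-insensitive identity of an entry."""
    section, text = entry
    return section, " ".join(text.split()).casefold()

def diff_scans(before, after):
    """Split entries into removed by cleanup, still present, and new."""
    b = {entry_key(e): e for e in parse_entries(before)}
    a = {entry_key(e): e for e in parse_entries(after)}
    removed = [b[k] for k in b if k not in a]
    persisting = [a[k] for k in a if k in b]
    added = [a[k] for k in a if k not in b]
    return removed, persisting, added

# Constructed excerpts of the first and second log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common
Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O11 - Options group: [TB] Toolbar
"""
AFTER = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O11 - Options group: [TB] Toolbar
"""

if __name__ == "__main__":
    for label, items in zip(("removed", "persisting", "new"), diff_scans(BEFORE, AFTER)):
        print(label, *items, sep="\n  ")
```

The persisting list still has to be reviewed entry by entry, since it mixes legitimate autoruns with the ones flagged for fixing.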

#7 enat66, April 15th, 2004, 04:48 PM
Alright thanks, I'll have her do the things when I get a chance. I also just realised she was running 4.01, I'll burn IE to a disk for her and have her install it. I don't know if I can be there to help her remove msg121.dll. She's a new friend of mine and I don't know her all that well yet.

Thanks once again

#8 AnnMarie, April 17th, 2004, 06:13 AM
No problem enat. If she can get online after installing IE6, tell her to go here and download and run Killbox (not the beta).

Unzip to a new folder and double-click on KillBox.exe to run the program. Check all three Options:

Create a backup before deleting file.
Create a Killbox Session Log.
Enable msg121.dll option.

Next, go to "Find" and select "Find msg[].dll". When the list appears, click on "File" > "Create Log" and copy and paste it back in this thread. Do not make any changes without advice. To do so could cripple her OS.

#9 enat66, April 17th, 2004, 03:46 PM
Thanks again AM, but there is another problem. I asked her to tell me how much space is on her hard drive. There is like a hundred megabytes left in the C and only 600 megs in the D drive. I'll assume the Windows files are on the C drive. Is there a way to install IE so it's on the D drive when the Windows files are on the C? I typed out instructions for her to remove the mwsvm.exe & frsk.exe, hopefully that will help her get online without having to upgrade to 6.0. If I were there, I'd give her my 8 gig hard drive, but there's not a chance she could install it on her own.

#10 AnnMarie, April 19th, 2004, 01:03 AM
Hi enat, she is going to have to clean up her C drive. I don't know what size her drive is but 100MB of free space only is asking for trouble if she runs Defrag.

Has she run Disk Cleanup? If not, tell her to do so and uninstall any unused programs. If she has saved large music files, they can be stored on her D drive.