
Need some help (please)

Discussion in 'Security and Privacy' started by Tank70, 2004/06/30.

Thread Status:
Not open for further replies.
  1. 2004/06/30
    Tank70

    Tank70 Inactive Thread Starter

    Joined:
    2003/02/13
    Messages:
    3
    Likes Received:
    0
    Ran HijackThis. Log is below.
    Thanks a ton


    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\APIAN32.EXE
    C:\WINDOWS\APIQF32.EXE
    C:\WINDOWS\SYSTEM\NETNO32.EXE
    C:\WINDOWS\SYSTEM\NTHN.EXE
    C:\WINDOWS\CRXU.EXE
    C:\WINDOWS\SYSTEM\CRKB32.EXE
    C:\WINDOWS\SYSTEM\ATLIC.EXE
    C:\WINDOWS\SYSTEM\ATLZK32.EXE
    C:\WINDOWS\SYSTEM\APILC32.EXE
    C:\WINDOWS\SYSTEM\SDKXJ32.EXE
    C:\WINDOWS\SYSTEM\APPCS32.EXE
    C:\WINDOWS\NTAN.EXE
    C:\WINDOWS\SYSTEM\JAVAXL.EXE
    C:\WINDOWS\SYSTEM\SDKQU.EXE
    C:\WINDOWS\WINYE32.EXE
    C:\WINDOWS\SYSTEM\D3NQ32.EXE
    C:\WINDOWS\APPZT.EXE
    C:\WINDOWS\SYSTEM\NTHH.EXE
    C:\WINDOWS\ADDKC32.EXE
    C:\WINDOWS\SYSTEM\NETWH32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\NTPY32.EXE
    C:\WINDOWS\CRAY.EXE
    C:\WINDOWS\IPNJ.EXE
    C:\WINDOWS\IEGI.EXE
    C:\WINDOWS\NETSJ.EXE
    C:\WINDOWS\SYSTEM\WINVR.EXE
    C:\WINDOWS\SYSTEM\APPNI.EXE
    C:\WINDOWS\SYSTEM\WINGS.EXE
    C:\WINDOWS\SYSTEM\JAVAXL.EXE
    C:\WINDOWS\SYSEF.EXE
    C:\WINDOWS\SYSTEM\ADDIV32.EXE
    C:\WINDOWS\IPOM.EXE
    C:\WINDOWS\APIDB.EXE
    C:\WINDOWS\SYSES.EXE
    C:\WINDOWS\SYSTEM\APPVS32.EXE
    C:\WINDOWS\SYSTEM\IEYQ32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\D3QZ.EXE
    C:\WINDOWS\JAVAUM.EXE
    C:\WINDOWS\CRPY.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\IEGI.EXE
    C:\WINDOWS\SYSTEM\APITU.EXE
    C:\WINDOWS\IEGI.EXE
    C:\WINDOWS\SDKWU.EXE
    C:\WINDOWS\WINYE32.EXE
    C:\WINDOWS\SYSTEM\WINML32.EXE
    C:\WINDOWS\SYSTEM\WINML32.EXE
    C:\WINDOWS\SYSTEM\WINCJ32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\CRAY.EXE
    C:\WINDOWS\SDKZC.EXE
    C:\WINDOWS\SDKZC.EXE
    C:\WINDOWS\SYSTEM\APPVS32.EXE
    C:\WINDOWS\SYSTEM\NETEJ.EXE
    C:\WINDOWS\SYSTEM\NETEJ.EXE
    C:\WINDOWS\SYSTEM\APIKZ.EXE
    C:\WINDOWS\SYSTEM\ATLZK32.EXE
    C:\WINDOWS\NETFV32.EXE
    C:\WINDOWS\NETFV32.EXE
    C:\WINDOWS\SYSTEM\ADDHE.EXE
    C:\WINDOWS\CRAY.EXE
    C:\WINDOWS\SYSDU.EXE
    C:\WINDOWS\SYSDU.EXE
    C:\WINDOWS\SYSTEM\ATLZK32.EXE
    C:\WINDOWS\JAVAPQ.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dubolom.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gkruz.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/redir.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/redir.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/redir.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gkruz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.132/redir.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gkruz.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dubolom.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/redir.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.132/redir.php
    O2 - BHO: (no name) - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL (file missing)
    O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
    O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IEMS\IEMS32.DLL (file missing)
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\IEMS\ADVGC32.DLL (file missing)
    O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\IEMS\APIAU.DLL (file missing)
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL
    O2 - BHO: (no name) - {8AF1C8F8-5F05-34F3-4344-BC61A74FCC50} - C:\WINDOWS\SYSTEM\MFCHH32.DLL
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\BRIDGE.DLL (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - Data - (no file)
    O2 - BHO: C:\WINDOWS\SYSTEM\MFCHH32.DLL - InprocServer32 - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MFCHP32.EXE] C:\WINDOWS\SYSTEM\MFCHP32.EXE
    O4 - HKLM\..\Run: [NTMU32.EXE] C:\WINDOWS\SYSTEM\NTMU32.EXE
    O4 - HKLM\..\Run: [MSWY32.EXE] C:\WINDOWS\SYSTEM\MSWY32.EXE
    O4 - HKLM\..\Run: [MSMR.EXE] C:\WINDOWS\SYSTEM\MSMR.EXE
    O4 - HKLM\..\Run: [SYSAS.EXE] C:\WINDOWS\SYSTEM\SYSAS.EXE
    O4 - HKLM\..\Run: [ATLTR.EXE] C:\WINDOWS\SYSTEM\ATLTR.EXE
    O4 - HKLM\..\Run: [NTHE32.EXE] C:\WINDOWS\SYSTEM\NTHE32.EXE
    O4 - HKLM\..\Run: [WINZN.EXE] C:\WINDOWS\SYSTEM\WINZN.EXE
    O4 - HKLM\..\Run: [CRKI.EXE] C:\WINDOWS\SYSTEM\CRKI.EXE
    O4 - HKLM\..\Run: [MSNY.EXE] C:\WINDOWS\SYSTEM\MSNY.EXE
    O4 - HKLM\..\Run: [APIKZ.EXE] C:\WINDOWS\SYSTEM\APIKZ.EXE
    O4 - HKLM\..\RunServices: [SDKQU.EXE] C:\WINDOWS\SYSTEM\SDKQU.EXE
    O4 - HKLM\..\RunServices: [ATLZK32.EXE] C:\WINDOWS\SYSTEM\ATLZK32.EXE
    O4 - HKLM\..\RunServices: [CRKB32.EXE] C:\WINDOWS\SYSTEM\CRKB32.EXE
    O4 - HKLM\..\RunServices: [NETNO32.EXE] C:\WINDOWS\SYSTEM\NETNO32.EXE
    O4 - HKLM\..\RunServices: [JAVAXL.EXE] C:\WINDOWS\SYSTEM\JAVAXL.EXE
    O4 - HKLM\..\RunServices: [NTAN.EXE] C:\WINDOWS\NTAN.EXE
    O4 - HKLM\..\RunServices: [D3NQ32.EXE] C:\WINDOWS\SYSTEM\D3NQ32.EXE
    O4 - HKLM\..\RunServices: [CRXU.EXE] C:\WINDOWS\CRXU.EXE
    O4 - HKLM\..\RunServices: [APIAN32.EXE] C:\WINDOWS\SYSTEM\APIAN32.EXE
    O4 - HKLM\..\RunServices: [APIQF32.EXE] C:\WINDOWS\APIQF32.EXE
    O4 - HKLM\..\RunServices: [APILC32.EXE] C:\WINDOWS\SYSTEM\APILC32.EXE
    O4 - HKLM\..\RunServices: [ATLIC.EXE] C:\WINDOWS\SYSTEM\ATLIC.EXE
    O4 - HKLM\..\RunServices: [APPCS32.EXE] C:\WINDOWS\SYSTEM\APPCS32.EXE
    O4 - HKLM\..\RunServices: [SDKXJ32.EXE] C:\WINDOWS\SYSTEM\SDKXJ32.EXE
    O4 - HKLM\..\RunServices: [NTHN.EXE] C:\WINDOWS\SYSTEM\NTHN.EXE
    O4 - HKLM\..\RunServices: [WINYE32.EXE] C:\WINDOWS\WINYE32.EXE
    O4 - HKLM\..\RunServices: [NTHH.EXE] C:\WINDOWS\SYSTEM\NTHH.EXE
    O4 - HKLM\..\RunServices: [APPZT.EXE] C:\WINDOWS\APPZT.EXE
    O4 - HKLM\..\RunServices: [ADDKC32.EXE] C:\WINDOWS\ADDKC32.EXE
    O4 - HKLM\..\RunServices: [NETWH32.EXE] C:\WINDOWS\SYSTEM\NETWH32.EXE
    O4 - HKLM\..\RunServices: [NTPY32.EXE] C:\WINDOWS\NTPY32.EXE
    O4 - HKLM\..\RunServices: [CRAY.EXE] C:\WINDOWS\CRAY.EXE
    O4 - HKLM\..\RunServices: [APPNI.EXE] C:\WINDOWS\SYSTEM\APPNI.EXE
    O4 - HKLM\..\RunServices: [NETSJ.EXE] C:\WINDOWS\NETSJ.EXE
    O4 - HKLM\..\RunServices: [IPNJ.EXE] C:\WINDOWS\IPNJ.EXE
    O4 - HKLM\..\RunServices: [IEGI.EXE] C:\WINDOWS\IEGI.EXE
    O4 - HKLM\..\RunServices: [WINVR.EXE] C:\WINDOWS\SYSTEM\WINVR.EXE
    O4 - HKLM\..\RunServices: [WINGS.EXE] C:\WINDOWS\SYSTEM\WINGS.EXE
    O4 - HKLM\..\RunServices: [ADDIV32.EXE] C:\WINDOWS\SYSTEM\ADDIV32.EXE
    O4 - HKLM\..\RunServices: [SYSEF.EXE] C:\WINDOWS\SYSEF.EXE
    O4 - HKLM\..\RunServices: [JAVAUM.EXE] C:\WINDOWS\JAVAUM.EXE
    O4 - HKLM\..\RunServices: [IPOM.EXE] C:\WINDOWS\IPOM.EXE
    O4 - HKLM\..\RunServices: [APIDB.EXE] C:\WINDOWS\APIDB.EXE
    O4 - HKLM\..\RunServices: [APPVS32.EXE] C:\WINDOWS\SYSTEM\APPVS32.EXE
    O4 - HKLM\..\RunServices: [SYSES.EXE] C:\WINDOWS\SYSES.EXE
    O4 - HKLM\..\RunServices: [IEYQ32.EXE] C:\WINDOWS\SYSTEM\IEYQ32.EXE
    O4 - HKLM\..\RunServices: [D3QZ.EXE] C:\WINDOWS\D3QZ.EXE
    O4 - HKLM\..\RunServices: [CRPY.EXE] C:\WINDOWS\CRPY.EXE
    O4 - HKLM\..\RunServices: [APITU.EXE] C:\WINDOWS\SYSTEM\APITU.EXE
    O4 - HKLM\..\RunServices: [SDKWU.EXE] C:\WINDOWS\SDKWU.EXE
    O4 - HKLM\..\RunServices: [WINML32.EXE] C:\WINDOWS\SYSTEM\WINML32.EXE
    O4 - HKLM\..\RunServices: [WINCJ32.EXE] C:\WINDOWS\SYSTEM\WINCJ32.EXE
    O4 - HKLM\..\RunServices: [SDKZC.EXE] C:\WINDOWS\SDKZC.EXE
    O4 - HKLM\..\RunServices: [NETEJ.EXE] C:\WINDOWS\SYSTEM\NETEJ.EXE
    O4 - HKLM\..\RunServices: [NETFV32.EXE] C:\WINDOWS\NETFV32.EXE
    O4 - HKLM\..\RunServices: [ADDHE.EXE] C:\WINDOWS\SYSTEM\ADDHE.EXE
    O4 - HKLM\..\RunServices: [SYSDU.EXE] C:\WINDOWS\SYSDU.EXE
    O4 - HKLM\..\RunServices: [JAVAPQ.EXE] C:\WINDOWS\JAVAPQ.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
     
  2. 2004/06/30
    Tank70

    Tank70 Inactive Thread Starter

    Joined:
    2003/02/13
    Messages:
    3
    Likes Received:
    0
    Rest of list here THANX

    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38074.5178240741
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/065cf0dc874bc7684e05/netzip/RdxIE601.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/98ME/ClickYesToContinue/bridge-c14.cab
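    The two posts above are a HijackThis log, one finding per line, prefixed with a section code: R0/R1 are Internet Explorer start and search registry values, O2 are Browser Helper Objects, O4 are autostart entries (Run and RunServices keys), O16 are downloaded ActiveX controls. The script below is an added example for readers learning to triage such a log; it is not from the thread or from HijackThis. Its heuristics (bare-IP start pages, res:// search pages served from a local DLL, orphaned or unnamed BHOs, and autostart names built from an OS-sounding stem plus two letters, a pattern taken from the names in this very log) are this example's own, and the ScanRegistry line in the usage is a constructed control entry. It only flags entries for a human to review; it removes nothing.

```python
"""Triage a HijackThis log: parse each entry and flag ones worth a closer look."""
import re
from collections import Counter

# Sample input: a handful of lines copied from the log posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.132/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gkruz.dll/sp.html#37049
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {8AF1C8F8-5F05-34F3-4344-BC61A74FCC50} - C:\WINDOWS\SYSTEM\MFCHH32.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\BRIDGE.DLL (file missing)
O4 - HKLM\..\RunServices: [ATLZK32.EXE] C:\WINDOWS\SYSTEM\ATLZK32.EXE
O4 - HKLM\..\RunServices: [CRAY.EXE] C:\WINDOWS\CRAY.EXE
O4 - HKLM\..\RunServices: [NTHN.EXE] C:\WINDOWS\SYSTEM\NTHN.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "R0 - <body>", "O4 - <body>", ...: section code, then the finding itself.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 body: HKLM\..\RunServices: [NAME] path
AUTOSTART_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
# Start/search page whose host is a bare IPv4 address rather than a hostname.
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# Heuristic built from the names in this log (hypothetical, not a HijackThis rule):
# an OS-sounding stem, two letters, optional "32", ".EXE".
SUSPICIOUS_NAME_RE = re.compile(
    r"^(?:ADD|API|APP|ATL|CR|D3|IE|IP|JAVA|MFC|MS|NET|NT|SDK|SYS|WIN)[A-Z]{2}(?:32)?\.EXE$")


def parse_entries(text):
    """Return (code, body) tuples for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Return (code, reason, body) findings that a human should review."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            value = body.split(" = ", 1)[-1]
            if IP_URL_RE.match(value):
                findings.append((code, "IE start/search value points at a bare IP address", body))
            elif value.lower().startswith("res://"):
                findings.append((code, "IE search value served from a local DLL via res://", body))
        elif code == "O2":
            if body.endswith("(file missing)"):
                findings.append((code, "BHO registration whose DLL is gone (orphaned)", body))
            elif "(no name)" in body:
                findings.append((code, "unnamed BHO; identify the CLSID and file before trusting it", body))
        elif code == "O4":
            m = AUTOSTART_RE.match(body)
            if m and SUSPICIOUS_NAME_RE.match(m.group("name").upper()):
                findings.append((code, f"autostart in {m.group('key')} with a generated-looking name", body))
    return findings


def count_by_code(findings):
    """Summarise findings per section code, e.g. how many O4 autostarts were flagged."""
    return Counter(code for code, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, reason, body in results:
        print(f"{code}: {reason}\n    {body}")
    print(dict(count_by_code(results)))
    # Constructed control line (a normal Windows 98 autostart); it is not flagged.
    print(triage(r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun"))
```

    On the sample above the script flags seven of the nine lines: both IE values, the two unnamed BHOs (one orphaned), and all three RunServices entries, while the Norton BHO, the Flash control and the ScanRegistry control line pass. The name heuristic is deliberately narrow; what makes this log obvious is not any single name but dozens of such entries under RunServices, which is why the per-code count is worth printing alongside the individual findings.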
     


  4. 2004/06/30
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Whooo Eeee - and wow!!

    This is probably going to take a few different things to effect a cure. I'll leave the tricky details to one of the experts but for now:

    - RAV online virus scanner. Click to continue without subscribing and you want to fix any problems it finds and generate a log.

    - Quicklinks (in my signature) and under the recommended sites, download, update, and run first Ad-aware (removing all it finds) and then Spybot (removing all it pre-selects and immunizing).

    Post the RAV log here along with a fresh Hijackthis log.
     
    Newt,
    #3
  5. 2004/06/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Tank70. :)

    Not knowing what you have yet done, we need to see what all will be removed with the standard tools. Please download CWShredder version 1.59.1 from the link in my signature. Open it, close ALL other windows and click fix.

    Download and install both Spybot version 1.3 and Ad-aware build 6.181 from my sig. also. Install, immediately update and run both. Spybot first. Delete all it finds that is prechecked. Configure Ad-aware for a custom full scan and delete all it finds.

    Reboot and run the RAV scan. Get a report and paste it here along with a new HijackThis log.

    EDIT
    I see I reiterated most of what Newt said :rolleyes: Important to run CWShredder and configure Ad-aware for full scan!! Just as important to have the latest versions!!
     
    Last edited: 2004/06/30
  6. 2004/06/30
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Dave - if I'd knowed you wuz gonna look in tonight, I'd of left it fur you. ;)
     
    Newt,
    #5
  7. 2004/06/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Can't ya tell Newt? I'm hooked. I'll be checking in every night.....and day.....and morning.......and middle of the night when I get up with the babies.....:rolleyes:
     