Dan Posted October 11, 2004

Hey Everyone.... Here is my HJT log, and I was just infected w/ some spyware and was wondering if there is still something left:

Logfile of HijackThis v1.98.2
Scan saved at 2:07:42 PM, on 10/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\3DLDEMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://av.yahoo.com/bin/search?p=%s
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [3DLabsHelperDemon] 3dldemon.exe nowakeup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.totalvelocity.com/MemoryMeterbb.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ldc.upenn.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.91.2.13,128.91.254.1,128.91.254.4

therock247uk Posted October 11, 2004

Ok please follow these instructions carefully.

1. Go to Start, Settings, Control Panel, Add/Remove programs and Uninstall the following items

New.Net
Webhancer

2. Then reboot and post a new Hijackthis log here in a reply.

Dan Posted October 12, 2004

I'll try to get it on a floppy soon.....

therock247uk Posted October 12, 2004

Ok

Dan Posted October 14, 2004

finally got it to work again

Logfile of HijackThis v1.98.2
Scan saved at 1:26:50 PM, on 10/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\3DLDEMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ICECHAT5\ICECHAT5.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://av.yahoo.com/bin/search?p=%s
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [3DLabsHelperDemon] 3dldemon.exe nowakeup
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ldc.upenn.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.91.2.13,128.91.254.1,128.91.254.4