Could someone look at this hijackthis log?

  1. 26-08-2004  #1
    Purplepirate99
    Purplepirate99 is offline Newbie

    Could someone look at this hijackthis log?

    My husband is having major issues with his pc. He has pop-ups occur all the time. His computer locks up all the time. He cannot even check his yahoo mail. He has ran ad-aware, spybot and spysweeper, but nothing is helping so far. He tried to run Housecall online virus scan, but it caused an IE illegal operation. Could someone please help us?

    TIA
    Heather

    Logfile of HijackThis v1.97.7
    Scan saved at 8:13:28 AM, on 8/24/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
    C:\WINDOWS\SYSTEM\MSDTCW.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\WINDOWS\SYSTEM\THOTKEY.EXE
    C:\WINDOWS\SYSTEM\PWRTRAY.EXE
    C:\WINDOWS\SYSTEM\PSPCCARD.EXE
    C:\TOSHIBA\IVP\ISM\PINGER.EXE
    C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
    C:\PROGRAM FILES\MOUSE\4DMAIN.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\PROGRAM FILES\THE CLEANER\TCM.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\WINDOWS\SYSTEM\MMSYSTEM481U.EXE
    C:\PROGRAM FILES\DEFENDER\DEFENDER PRO ANTI-VIRUS\AVPM.EXE
    C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\BDQG.EXE
    C:\WINDOWS\SYSTEM\AZK4OX3S.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
    R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    F1 - win.ini: run=C:\WINDOWS\fntldr.exe;c:\windows\fntldr.exe;c: \windows\COMMAND\fntldr.exe;C:\DOS\fntldr.exe;C:\P ROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\fntldr.exe;C:\WINDOWS\SYSTEM\ fntldr.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL (file missing)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
    O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
    O4 - HKLM\..\Run: [THotkey] THotkey.exe
    O4 - HKLM\..\Run: [TDspOff] TDspOff.Exe B
    O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
    O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
    O4 - HKLM\..\Run: [TEscKey] TEscKey.exe
    O4 - HKLM\..\Run: [TFunckey] TFuncKey.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
    O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
    O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\4dmain.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
    O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
    O4 - HKLM\..\Run: [ToshibaGLDocMon] "C:\PROGRAM FILES\TOSHIBA\TOSHIBA E-STUDIO CLIENT\GLDocMon.exe"
    O4 - HKLM\..\Run: [Z] C:\WINDOWS\TEMP\Z.EXE
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain
    O4 - HKLM\..\Run: [5LJ6J8#2B@K8FR] C:\WINDOWS\SYSTEM\Dyf0o5.exe
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\SYSTEM\INETP60.DLL,DllRunServer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
    O4 - HKLM\..\Run: [iafftva] C:\WINDOWS\SYSTEM\udcsuqv\iafftva.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [RNAUI752t.exe] "C:\WINDOWS\SYSTEM\RNAUI752t.exe"
    O4 - HKCU\..\Run: [wmdmps750i.exe] "C:\WINDOWS\SYSTEM\wmdmps750i.exe"
    O4 - HKCU\..\Run: [MMSYSTEM481u.exe] "C:\WINDOWS\SYSTEM\MMSYSTEM481u.exe"
    O4 - HKCU\..\Run: [MSR2C323l1049g.exe] "C:\WINDOWS\SYSTEM\MSR2C323l1049g.exe"
    O4 - HKCU\..\Run: [isign32836t.exe] "C:\WINDOWS\SYSTEM\isign32836t.exe"
    O4 - HKCU\..\Run: [GL2P6K329p.exe] "C:\WINDOWS\SYSTEM\GL2P6K329p.exe"
    O4 - HKCU\..\Run: [jgmd400337c.exe] "C:\WINDOWS\SYSTEM\jgmd400337c.exe"
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
    O9 - Extra button: Locators.com Search Bar (HKLM)
    O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...880.3037962963
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
    O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
  2. 26-08-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Update your version of Hijack This from http://hjt.isecureit.co.uk and then reboot and post a fresh log
+ Reply to Thread
« about:blank in IE on Win98 | Virus Scans »