Hijack This Log File.....this PC is FUBAR!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

K.V. Collucci

Thread Starter
Joined
Feb 5, 2004
Messages
84
Thanks in advance for any help you can give me on this. :)


Logfile of HijackThis v1.99.1
Scan saved at 10:23:11 PM, on 6/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\ADDBM32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYCATCHER\DELETESATELLITE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SPYCATCHER\SCHEDULER DAEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vrysv.dll/sp.html#12047
R3 - Default URLSearchHook is missing
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\GDS.DLL
O2 - BHO: Class - {B93A6A3D-9B7D-4B3D-F50A-8450933B13E9} - C:\WINDOWS\D3XB32.DLL
O2 - BHO: Class - {19899FD2-72DC-ADED-A735-6279FA695369} - C:\WINDOWS\JAVADY.DLL
O2 - BHO: Class - {32587655-ECC2-9311-95C4-B841B07B7A99} - C:\WINDOWS\SYSLT.DLL
O2 - BHO: Class - {7DFD21F8-4B4D-675B-FE83-32146EE67DBD} - C:\WINDOWS\SYSTEM\NTYI.DLL
O2 - BHO: Class - {DC41EADE-B0AE-18F2-91E8-4FC88F487406} - C:\WINDOWS\SYSTEM\APPLC.DLL
O2 - BHO: Class - {12279319-F31A-C38D-DA45-167674E3992B} - C:\WINDOWS\SYSTEM\WINTR.DLL
O2 - BHO: Class - {1270AA6C-EE66-FDEB-E0CE-C19876F44A68} - C:\WINDOWS\SYSTEM\SYSNX32.DLL (file missing)
O2 - BHO: Class - {85DBF71E-8CAF-095A-27E3-3BCD81BEDA0B} - C:\WINDOWS\SYSTEM\SDKSZ.DLL
O2 - BHO: Class - {CC45A0FE-CF49-E741-F7AE-B1F4A6487586} - C:\WINDOWS\ADDNI.DLL
O2 - BHO: Class - {7B61A44B-C8DE-8A2F-B354-D2C3D1FB42C1} - C:\WINDOWS\IECP.DLL
O2 - BHO: Class - {350532CD-75B4-6538-D634-37371144B27B} - C:\WINDOWS\SYSTEM\SDKPS32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Zoom\Adsl\dslagent.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [MSMA.EXE] C:\WINDOWS\SYSTEM\MSMA.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\RunServices: [ADDBM32.EXE] C:\WINDOWS\ADDBM32.EXE /s
O4 - HKLM\..\RunServices: [NTXI32.EXE] C:\WINDOWS\SYSTEM\NTXI32.EXE /s
O4 - HKLM\..\RunServices: [APPZR.EXE] C:\WINDOWS\SYSTEM\APPZR.EXE /s
O4 - HKLM\..\RunServices: [MFCWP.EXE] C:\WINDOWS\MFCWP.EXE /s
O4 - HKLM\..\RunServices: [NTJR32.EXE] C:\WINDOWS\NTJR32.EXE /s
O4 - HKLM\..\RunServices: [MFCZF32.EXE] C:\WINDOWS\MFCZF32.EXE /s
O4 - HKLM\..\RunServices: [CRTX.EXE] C:\WINDOWS\CRTX.EXE /s
O4 - HKLM\..\RunServices: [NTAY32.EXE] C:\WINDOWS\SYSTEM\NTAY32.EXE /s
O4 - HKLM\..\RunServices: [ATLAU.EXE] C:\WINDOWS\ATLAU.EXE /s
O4 - HKLM\..\RunServices: [CRFN32.EXE] C:\WINDOWS\CRFN32.EXE /s
O4 - HKLM\..\RunServices: [IPKX32.EXE] C:\WINDOWS\IPKX32.EXE /s
O4 - HKLM\..\RunServices: [IEYM.EXE] C:\WINDOWS\IEYM.EXE /s
O4 - HKLM\..\RunServices: [D3EX32.EXE] C:\WINDOWS\D3EX32.EXE /s
O4 - HKLM\..\RunServices: [IPFY32.EXE] C:\WINDOWS\SYSTEM\IPFY32.EXE /s
O4 - HKLM\..\RunServices: [NETSQ32.EXE] C:\WINDOWS\NETSQ32.EXE /s
O4 - HKLM\..\RunServices: [ADDYS.EXE] C:\WINDOWS\SYSTEM\ADDYS.EXE /s
O4 - HKLM\..\RunServices: [IEQQ.EXE] C:\WINDOWS\IEQQ.EXE /s
O4 - HKLM\..\RunServices: [NETBY.EXE] C:\WINDOWS\NETBY.EXE /s
O4 - HKLM\..\RunServices: [APPJR32.EXE] C:\WINDOWS\SYSTEM\APPJR32.EXE /s
O4 - HKLM\..\RunServices: [ADDQW32.EXE] C:\WINDOWS\ADDQW32.EXE /s
O4 - HKLM\..\RunServices: [WINRX.EXE] C:\WINDOWS\SYSTEM\WINRX.EXE /s
O4 - HKLM\..\RunServices: [SYSYT.EXE] C:\WINDOWS\SYSTEM\SYSYT.EXE /s
O4 - HKLM\..\RunServices: [CRLO.EXE] C:\WINDOWS\CRLO.EXE /s
O4 - HKLM\..\RunServices: [ATLEW32.EXE] C:\WINDOWS\SYSTEM\ATLEW32.EXE /s
O4 - HKLM\..\RunServices: [SDKCP32.EXE] C:\WINDOWS\SYSTEM\SDKCP32.EXE /s
O4 - HKLM\..\RunServices: [CRAJ.EXE] C:\WINDOWS\SYSTEM\CRAJ.EXE /s
O4 - HKLM\..\RunServices: [SDKID32.EXE] C:\WINDOWS\SYSTEM\SDKID32.EXE /s
O4 - HKLM\..\RunServices: [NETVJ.EXE] C:\WINDOWS\NETVJ.EXE /s
O4 - HKLM\..\RunServices: [ATLWE.EXE] C:\WINDOWS\ATLWE.EXE /s
O4 - HKLM\..\RunServices: [D3RS.EXE] C:\WINDOWS\SYSTEM\D3RS.EXE /s
O4 - HKLM\..\RunServices: [NTVW32.EXE] C:\WINDOWS\SYSTEM\NTVW32.EXE /s
O4 - HKLM\..\RunServices: [ATLXV.EXE] C:\WINDOWS\SYSTEM\ATLXV.EXE /s
O4 - HKLM\..\RunServices: [CROB.EXE] C:\WINDOWS\CROB.EXE /s
O4 - HKLM\..\RunServices: [WINLL32.EXE] C:\WINDOWS\WINLL32.EXE /s
O4 - HKLM\..\RunServices: [MFCBC32.EXE] C:\WINDOWS\MFCBC32.EXE /s
O4 - HKLM\..\RunServices: [NETMR.EXE] C:\WINDOWS\SYSTEM\NETMR.EXE /s
O4 - HKLM\..\RunServices: [ADDAP.EXE] C:\WINDOWS\ADDAP.EXE /s
O4 - HKLM\..\RunServices: [APPGM32.EXE] C:\WINDOWS\SYSTEM\APPGM32.EXE /s
O4 - HKLM\..\RunServices: [ATLYT32.EXE] C:\WINDOWS\SYSTEM\ATLYT32.EXE /s
O4 - HKLM\..\RunServices: [APPVZ.EXE] C:\WINDOWS\SYSTEM\APPVZ.EXE /s
O4 - HKLM\..\RunServices: [MFCGG.EXE] C:\WINDOWS\MFCGG.EXE /s
O4 - HKLM\..\RunServices: [IPRH.EXE] C:\WINDOWS\SYSTEM\IPRH.EXE /s
O4 - HKLM\..\RunServices: [MFCUG.EXE] C:\WINDOWS\MFCUG.EXE /s
O4 - HKLM\..\RunServices: [ATLOL.EXE] C:\WINDOWS\ATLOL.EXE /s
O4 - HKLM\..\RunServices: [NETLD.EXE] C:\WINDOWS\NETLD.EXE /s
O4 - HKLM\..\RunServices: [CRGD.EXE] C:\WINDOWS\SYSTEM\CRGD.EXE /s
O4 - HKLM\..\RunServices: [SDKNK32.EXE] C:\WINDOWS\SDKNK32.EXE /s
O4 - HKLM\..\RunServices: [JAVANS32.EXE] C:\WINDOWS\JAVANS32.EXE /s
O4 - HKLM\..\RunServices: [SDKZI.EXE] C:\WINDOWS\SDKZI.EXE /s
O4 - HKLM\..\RunServices: [JAVACD32.EXE] C:\WINDOWS\JAVACD32.EXE /s
O4 - HKLM\..\RunServices: [SYSMV32.EXE] C:\WINDOWS\SYSMV32.EXE /s
O4 - HKLM\..\RunServices: [JAVAJF.EXE] C:\WINDOWS\SYSTEM\JAVAJF.EXE /s
O4 - HKLM\..\RunServices: [IPFW32.EXE] C:\WINDOWS\SYSTEM\IPFW32.EXE /s
O4 - HKLM\..\RunServices: [SDKSV32.EXE] C:\WINDOWS\SDKSV32.EXE /s
O4 - HKLM\..\RunServices: [NETZH32.EXE] C:\WINDOWS\SYSTEM\NETZH32.EXE /s
O4 - HKLM\..\RunServices: [IEZR32.EXE] C:\WINDOWS\SYSTEM\IEZR32.EXE /s
O4 - HKLM\..\RunServices: [D3SR.EXE] C:\WINDOWS\SYSTEM\D3SR.EXE /s
O4 - HKLM\..\RunServices: [ADDVP32.EXE] C:\WINDOWS\SYSTEM\ADDVP32.EXE /s
O4 - HKLM\..\RunServices: [IPWX32.EXE] C:\WINDOWS\SYSTEM\IPWX32.EXE /s
O4 - HKLM\..\RunServices: [APIAH32.EXE] C:\WINDOWS\APIAH32.EXE /s
O4 - HKLM\..\RunServices: [IPDM.EXE] C:\WINDOWS\SYSTEM\IPDM.EXE /s
O4 - HKLM\..\RunServices: [NTAV32.EXE] C:\WINDOWS\NTAV32.EXE /s
O4 - HKLM\..\RunServices: [IESB.EXE] C:\WINDOWS\SYSTEM\IESB.EXE /s
O4 - HKLM\..\RunServices: [MFCZV.EXE] C:\WINDOWS\SYSTEM\MFCZV.EXE /s
O4 - HKLM\..\RunServices: [IPEC.EXE] C:\WINDOWS\IPEC.EXE /s
O4 - HKLM\..\RunServices: [ATLRM32.EXE] C:\WINDOWS\ATLRM32.EXE /s
O4 - HKLM\..\RunServices: [JAVAIK.EXE] C:\WINDOWS\SYSTEM\JAVAIK.EXE /s
O4 - HKLM\..\RunServices: [APPCU.EXE] C:\WINDOWS\APPCU.EXE /s
O4 - HKLM\..\RunServices: [APPHP32.EXE] C:\WINDOWS\APPHP32.EXE /s
O4 - HKLM\..\RunServices: [SYSQL32.EXE] C:\WINDOWS\SYSQL32.EXE /s
O4 - HKLM\..\RunServices: [IPHS.EXE] C:\WINDOWS\IPHS.EXE /s
O4 - HKLM\..\RunServices: [ATLYN.EXE] C:\WINDOWS\ATLYN.EXE /s
O4 - HKLM\..\RunServices: [D3PR.EXE] C:\WINDOWS\SYSTEM\D3PR.EXE /s
O4 - HKLM\..\RunServices: [D3WE32.EXE] C:\WINDOWS\D3WE32.EXE /s
O4 - HKLM\..\RunServices: [ATLRQ.EXE] C:\WINDOWS\SYSTEM\ATLRQ.EXE /s
O4 - HKLM\..\RunServices: [WINBG32.EXE] C:\WINDOWS\WINBG32.EXE /s
O4 - HKLM\..\RunServices: [IPXY.EXE] C:\WINDOWS\IPXY.EXE /s
O4 - HKLM\..\RunServices: [NETQG.EXE] C:\WINDOWS\NETQG.EXE /s
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe" nowait
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 - SSODL: systemie - {7EC2D020-33C5-11D8-82CC-444553540000} - sysie.dll (file missing)
O21 - SSODL: systemp - {16D94B00-8F29-11D8-82CC-444553540000} - systemp.dll (file missing)
 
Joined
Jun 3, 2005
Messages
319
Well.......I was going to help you, but then I realized you are a Flyers fan. Sorry.

Just kidding. You've got a nasty infection my friend. There will be multiple steps to remove this infection. First, download Ad-Aware Se Personal and Spybot S&D. You can get both of them below my signature at the bottom of this message. Download, install, update, and run a scan with each of them. Let them fix everything they find. Then reboot, and re-run HJT and post a new log. I can assure you that there will still be work to do, but this will help clean some of it.

Also.....you need to move HijackThis to a permanent directory before you run it again. If you want, you can get a self extracting install for it in my signature. It will install to C:\Program Files\HijackThis
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,313
Hi..you have too many entries in your start up list 04..
In 98se all you need at start..
1.Scan Registry..
2.System Tray..
3.Anti virus program..
4.Firewall........Wait until a log expert cleans your log before changing..
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top