hijak report need analyze

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rimzan

Thread Starter
Joined
Sep 18, 2003
Messages
121
First Name
Rimzan
hi,
please some one analyze my hjt report coz my spy bot S and D freez in the midle

thanks in advance

rimzan

file of HijackThis v1.97.2
Scan saved at 9:33:43 AM, on 10/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOLCYBERCAFES CLIENT\MOLCC CLIENT.EXE
C:\PROGRAM FILES\INOCULATOR\INOC.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\DXSOUND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MOLCyberCafes] C:\PROGRA~1\MOLCYB~1\\MOLCC Client.exe
O4 - HKLM\..\Run: [Inoculator] C:\Program Files\Inoculator\inoc.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = cyber land
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.115.0.19,203.115.0.1
 
Joined
Oct 5, 2003
Messages
557
Well, you DO have norton, so update it and scan for virsuses.
Also the file C:\WINDOWS\TASKMON.EXE shouldn't be there. It's probably a virus.
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all

browser windows & press fix checked

R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binari...TML/EGDHTML.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab

C:\WINDOWS\TASKMON.EXE is a legitimate needed windows file in 98 and SHOULD be there

To cure the spybot problem

http://www.safer-networking.org/index.php?lang=en&page=knowledgebase/faq/faq022

then

download AdAware 6 181
Before you scan with AdAware, check for updates of the reference file by using the

"webupdate".

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within

archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for

banned URL" and "Scan my host-files"

then.........

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized

processes during scanning" ...........then........"Cleaning engine" and tick "Automaticly try to

unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it.

post a new hijackthis log to check
 
Joined
Jun 19, 2003
Messages
1,241
Hi Rimzan,

Please run a new HJT! Scan, and check to fix the following entries. Next, close all browser windows and click the Fix checked button…

R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL

O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\JEIRED.DLL


Then reboot into safe mode, (see here if you don't know how) and delete the following bolded files/folders...

C:\WINDOWS\JEIRED

Then boot back into normal mode and rerun Spybot, making sure to have the latest updates.

Then if you could post a new log afterwards.

Cheers

Liam
 

rimzan

Thread Starter
Joined
Sep 18, 2003
Messages
121
First Name
Rimzan
thank you again u all guyz let me try it again

rimzan
 

rimzan

Thread Starter
Joined
Sep 18, 2003
Messages
121
First Name
Rimzan
hello guyz,

problems are solved now i updated my av and swithed to adaware latest vertion.upgraded the spy bot but problem was there and i had to follow "DVK01" instruction followed the link to spybot cure and and excluded the "C2.lop" from the list and now it want freez when it comes to C2.lop

thanks again all of u guyz

rimzan
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top