1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HJT Log and I'm sleepy

Discussion in 'Virus & Other Malware Removal' started by Infidel_Kastro, Feb 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Infidel_Kastro

    Infidel_Kastro Thread Starter

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    hola everyone,
    helping a friend with a dial up connection so Adaware and spybot will take forever to load. I will return at a later date with the programs on a cd-rom, but in the meantime, can someone do a quick scan of the log and tell me what i can remove with HJT.
    Thanks,
    AndrewLogfile of HijackThis v1.97.7
    Scan saved at 1:38:27 AM, on 2/21/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
    C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
    C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\PRODINET\BIN\PIAXORB.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON CRASHGUARD\CG16EH.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WX75FA2U\HIJACKTHIS[1].EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = I-Lookup.com ? ARE YOU OVER 18
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.prodigy.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.prodigy.net/"); (C:\Program Files\Netscape\Users\RENEE1999\prefs.js)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE026.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] systray.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON CRASHGUARD\CGMenu.EXE"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [EPSON Stylus Photo 925] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 925" /O7 "EPUSB1:" /M "Stylus Photo 925"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: SideStep (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .pcm: C:\PROGRA~1\INTERN~1\PLUGINS\NpCurMem.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.prodigy.net
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb01f.cab
    O16 - DPF: {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} (IE Active Setup Control) - http://www.microsoft.com/windows/ie/ie40/download/cdf/setupctl.cab
    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {5D39201D-1CCA-4E05-A380-110B0E21650B} (PrintX Control) - http://www.fototime.com/ftweb/activeX/WebPrintControl.cab
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    52,089
    Andrew

    Fix all these
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = I-Lookup.com ? ARE YOU OVER 18
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE026.DLL
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb01f.cab

    O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/205507