hjt log

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Moof13

Thread Starter
Joined
Dec 19, 2005
Messages
12
Logfile of HijackThis v1.99.1
Scan saved at 1:40:52 PM, on 12/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\UBOTIL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.255\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ubotil] c:\windows\system\ubotil.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\SYSTEM\pshwr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ComcastHSI - {4DD38920-73B3-11DA-9D42-00159A124699} - http://www.comcast.net/ (file missing) (HKCU)
O9 - Extra button: Help - {4DD38921-73B3-11DA-9D42-00159A124699} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {4DD38922-73B3-11DA-9D42-00159A124699} - http://www.comcastsupport.com/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
 

Moof13

Thread Starter
Joined
Dec 19, 2005
Messages
12
COME ON PEOPLE!!!!!!!!! lol j/k umm here is new hj log


Logfile of HijackThis v1.99.1
Scan saved at 2:48:28 PM, on 12/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\UBOTIL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\POOBRFE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.624\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\SYSTEM\IRASJXEA.DLL
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ubotil] c:\windows\system\ubotil.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [POOBRFE] C:\WINDOWS\POOBRFE.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\SYSTEM\pshwr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\SYSTEM\irasyncd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ComcastHSI - {4DD38920-73B3-11DA-9D42-00159A124699} - http://www.comcast.net/ (file missing) (HKCU)
O9 - Extra button: Help - {4DD38921-73B3-11DA-9D42-00159A124699} - http://online.comcast.net/help/ (file missing) (HKCU)
O9 - Extra button: Support - {4DD38922-73B3-11DA-9D42-00159A124699} - http://www.comcastsupport.com/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\PROGRAM FILES\CMSYSTEM\PLUGIN.DLL
 
Joined
Sep 7, 2004
Messages
49,014
What do you mean come on - this is not real time TS and it is the holidays!!!!!

Move HiJack from that temp location

Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program Files\HiJackThis, run it from there

Download CW-Shredder at the link below:
http://www.intermute.com/spysubtract/cwshredder_download.html


Download http://www.derbilk.de/SpSeHjfix109.zip to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.
 
Joined
Feb 15, 2004
Messages
12,302
IMPORTANT! Move Hijack this from the Temp, or from the zip folder to its own folder!


Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.


you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!


Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710


Also download this anti virus programme as you don't appear to have one of these either, download it, install it, update it and run a full system scan!


Anti-vir

http://www.free-av.com/



download Cwshredder from

http://www.soft32.com/download_19014.html


Download 'SpSeHjfix'. to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder


http://www.derbilk.de/404.html

http://www.majorgeeks.com/downloads31.html

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Warning Note: On a few occasions it has been reported that after using the
SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control
Panel >Internet Options >Programs & press reset web settings, then you can
set your home page to what you want on the general tab.


Now run CWShredder - Hit The FIX button!



Now do these instructions!



Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php


* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



have hijack this fix these entries. close all browsers and programmes before
clicking FIX.


Note: some of these files might be missing, just continue on with the rest if they are!


O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\SYSTEM\IRASJXEA.DLL
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
O4 - HKLM\..\Run: [ubotil] c:\windows\system\ubotil.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [POOBRFE] C:\WINDOWS\POOBRFE.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\SYSTEM\pshwr.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\SYSTEM\irasyncd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm



Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


C:\WINDOWS\CERES.DLL
C:\WINDOWS\SYSTEM\IRASJXEA.DLL
C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL
c:\windows\system\ubotil.exe
C:\WINDOWS\TEMP\SE.DLL
C:\WINDOWS\POOBRFE.exe
C:\WINDOWS\SYSTEM\pshwr.exe
C:\WINDOWS\SYSTEM\irasyncd.exe



reboot and download and run these tools!



*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html



* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
*run clean up



go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again


All tools can be downloaded at the link below and found on that page!


. SpyBot search and destroy
. AdAware SE personal


http://www.majorgeeks.com/downloads31.html



Run ActiveScan online virus scan here

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



post a fresh HJT log and the log that was created by 'SpSeHjfix'.
and the panda log scan
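
Added example, not part of the original thread: the two HijackThis logs posted above differ in only a few entries, and this Python code parses the entry lines, lists what is new in the later log, and flags entries that load from a TEMP directory. The sample logs are short excerpts of the thread's two logs, and the function names are this example's own.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. O2 = BHO, O4 = autorun.
ENTRY = re.compile(r"^([RFNO])(\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            found.add((m.group(1) + m.group(2), m.group(3)))
    return found

def _order(entry):
    # Sort O2 before O16: letter first, then the section number as an integer.
    return (entry[0][0], int(entry[0][1:]), entry[1])

def new_entries(before, after):
    """Entries in the later log that the earlier log did not have."""
    return sorted(parse_entries(after) - parse_entries(before), key=_order)

def temp_entries(log_text):
    """Entries whose detail references a file under a TEMP directory."""
    hits = [e for e in parse_entries(log_text)
            if re.search(r"\\TEMP\\", e[1], re.IGNORECASE)]
    return sorted(hits, key=_order)

# Excerpts of the two logs in this thread (1:40 PM and 2:48 PM scans).
LOG_FIRST = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ubotil] c:\windows\system\ubotil.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\SYSTEM\pshwr.exe
"""
LOG_SECOND = LOG_FIRST + r"""
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [POOBRFE] C:\WINDOWS\POOBRFE.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\SYSTEM\irasyncd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

if __name__ == "__main__":
    for section, detail in new_entries(LOG_FIRST, LOG_SECOND):
        print("NEW ", section, detail)
    for section, detail in temp_entries(LOG_SECOND):
        print("TEMP", section, detail)
```

A new entry is a lead to examine, not a verdict: the O16 line in the excerpt is new in the second log as well.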
 