In Progress Please help, trying to figure out hijack

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jspencer1985

Thread Starter
Joined
Jan 13, 2019
Messages
1
I recently had to use my recovery disk as I have had major problems with missing components. Now I don't have enough drive space so something is wrong, any help would be appreciated. Thanks to any help given. I am not too familiar with computer stuff, just use it mainly for PC games. Looks like some sites that shouldn't be there and wonder how they got there.

Logfile of HijackThis v1.97.7
Scan saved at 12:31:06 AM, on 5/1/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\938HON4F\HIJACKTHIS[1].EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/windsor
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN4\YCOMP5_3_16_0.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN4\YCOMP5_3_16_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\IMLOADER.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRAM FILES\INCREDIMAIL\BIN\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4353/mcfscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38105.6263657407
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Hi jspencer 1985,

There is NO chance that a machine with Windows 98 can be fixed, or made safe.
There are lots of reasons for this, almost all having to do with the age of the system.

Right now, you should get this machine OFFLINE (unplug the internet cable).
Anyone who feels like it could discover all your internet business from such an old, unprotected system.
Going forward, you should change every password for every account you have used while on this machine.

I don't know your personal situation, so I can't make any suggestion about how to proceed otherwise.

askey127
 