
In Progress Please help, trying to figure out hijack

Discussion in 'Virus & Other Malware Removal' started by jspencer1985, Jan 13, 2019.

Thread Status:
Not open for further replies.
  1. jspencer1985

    jspencer1985 Thread Starter

    Joined:
    Jan 13, 2019
    Messages:
    1
    I recently had to use my recovery disk as I have had major problems with missing components. Now I don't have enough drive space so something is wrong, any help would be appreciated. Thanks for any help given. I am not too familiar with computer stuff, just use it mainly for PC games. Looks like some sites that shouldn't be there and wonder how they got there.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:31:06 AM, on 5/1/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\938HON4F\HIJACKTHIS[1].EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/windsor
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN4\YCOMP5_3_16_0.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN4\YCOMP5_3_16_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\IMLOADER.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] c:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRAM FILES\INCREDIMAIL\BIN\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: RealGuide (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4353/mcfscan.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38105.6263657407
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi jspencer 1985,

    There is NO chance that a machine with Windows 98 can be fixed, or made safe.
    There are lots of reasons for this, almost all having to do with the age of the system.

    Right now, you should get this machine OFFLINE (unplug the internet cable).
    Anyone who feels like it could discover all your internet business from such an old, unprotected system.
    Going forward, you should change every password for every account you have used while on this machine.

    I don't know your personal situation, so I can't make any suggestion about how to proceed otherwise.

    askey127
     
Short URL to this thread: https://techguy.org/1221828
