1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

remote host?virus?

Discussion in 'Virus & Other Malware Removal' started by KATHYNIMCHES, Sep 18, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    I would look through the forum and read every post but I'm scared and think I'm running out of time, my friend was on the computer last nite and it got all weired out and crashes she said it did it on her own and was in safe mode before i knew it I went to control panel and there was question marks on the device controller one said unknown device it had a x on it and neither one of my communication ports would work they too had been unabled well i ran the viral report and went to bed, by the way i couldnt get on-line all my ports were busy the display was huge and it looked funny colors, then I get up this morning and ran the spybot I got from here the other nite, it has 155 red explanation marks and i have read the help file but I'm slow and since my computer has shown the illegal explorer's box today i think I'm in trouble i am afraid to do anything what should i do?
     
  2. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    THERE IS A MOBIMSGR.EXE FILE ON DESKTOP SAYS APPLICATION AND WAS CREATED AUG 23 2003 WHAT IS THAT?
     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Hmmmm. The MOBIMSGR.EXE is "MobiMessenger is the easy-to-use software for broadcasting Text and Flash messages to cell phones, PDA's and mobile handsets. Use it as a powerful direct marketing tool or to send instant messages to friends, customers and colleagues" Does that sound familiar?

    About your various problems, I think a HijackThis log would help sort things out. You will want go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    I'm not a HJT log expert but there are folks here who are. You will probably want to "fix" all the stuff Spybot S & D found.
     
  4. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    mobimsgr, The ultimate tool for global SMS messaging, straight from your computer. It's the easiest way to send your personal text messages to your friends, family, clients and colleagues globally! (well according to the advertising blurb!!)


    Anything in red is spyware so you can have spybot fix all of them

    I would suggest that you post a hijack this log


    Go to this page, and download 'Hijack This!'.

    Unzip it, launch Hijack This, then press Scan, and press Save Log

    This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    open that file
    Go to Edit | Select all
    Now click Edit | copy to copy it
    Come back to TSG, Right Click and paste its contents here
     
  5. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    thankyou I will go to the above link and get back with the log asap thanks
     
  6. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    and thanks for letting me know what that file was it scarred me because it was exe i will be back soon with log
     
  7. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    dont know what I did wrong maybe its the zip thingie but I opened the prog and it went to adobe and said it couldnt be
    opened in that format I never chose the always open with button for this hijack thingie the spybot worked okay what did i do wrong was i suppose to click the open it from this location instead of the save it to disk one ? sorry
     
  8. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    dog gone it it i downloaded it and clicked run from current location and then I see on my desktop it is a adobe format one again, whats up with that? my spybot is still minimized on taskbar because I didnt want to close it yet why is hyjack wanting to use the adobe to open it?
     
  9. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    I will be back guess ill close the spybot and not fix any of the red exclamation points some of them look scarrey to me I printed them 6 pages.
     
  10. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    Logfile of HijackThis v1.97.2
    Scan saved at 1:20:36 AM, on 9/19/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\SYSTEM\INFWIN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\DAP\DAP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0A\WAOL.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassistant.iwon.com/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassistant.iwon.com/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchassistant.iwon.com/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
    O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
    O2 - BHO: iWon Search Assistant BHO - {08E1C8E1-E565-44fc-A766-C9539BB3ABB7} - C:\PROGRAM FILES\IWON\SRCHASTT\1.BIN\I1SRCHAS.DLL
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_20.dll
    O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM214.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [infwin] c:\windows\system\infwin.exe /noconnect
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE /NOSPLASH
    O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [hhctrl.ocx] c:\windows\SYSTEM\regsvr32 /s c:\windows\SYSTEM\hhctrl.ocx
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: DLHelperEXE.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O15 - Trusted Zone: *.freeaolservices.com
    O15 - Trusted Zone: *.freegoggleservices.com
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.super-direct-downloads.de/freemp3z.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_5_1,0,2,5.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/webolr/OCX/FlashAX.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB

    hope I did it right finally
     
  11. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    First things first, Go to Start | Settings | Control Panel | add/remove Programs

    Highlight New.net and click remove

    Do the same for DAP

    Now restart Hijack this and check the following:
    (note some may no longer there as a result of removing DAP and new.net)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassistant.iwon.com/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassistant.iwon.com/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchassistant.iwon.com/srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
    O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
    O2 - BHO: iWon Search Assistant BHO - {08E1C8E1-E565-44fc-A766-C9539BB3ABB7} - C:\PROGRAM FILES\IWON\SRCHASTT\1.BIN\I1SRCHAS.DLL
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_20.dll
    O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM214.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: DLHelperEXE.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Run DAP (HKLM)
    O15 - Trusted Zone: *.freeaolservices.com
    O15 - Trusted Zone: *.freegoggleservices.com
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.ne...GHTMLDialer.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_5_1,0,2,5.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download...ptdmgainads.cab
    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/cop...etup1.0.0.5.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB

    Click Fix checked

    Rerun Spybot and remove all in red, I asssure that you won't want those on your system
     
  12. normmork

    normmork

    Joined:
    Oct 4, 2002
    Messages:
    76
  13. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    UNDLL32 caused a general protection fault
    in module SETUPX.DLL at 0002:00007c15.
    Registers:
    EAX=00008168 CS=1a27 EIP=00007c15 EFLGS=00000246
    EBX=00637000 SS=5917 ESP=00008160 EBP=00008192
    ECX=0000000a DS=69df ESI=000045ef FS=45ef
    EDX=00020000 ES=0167 EDI=00000167 GS=0000
    Bytes at CS:EIP:
    9a 4c 72 9f 5b 8b f0 89 56 fe 0b d0 74 27 66 83
    Stack dump:
    59178168 45ef1b8f 00000026 00000000 017b69df 00000000 00000510 88020511 12fc1a27 bff769df bff713e2 0000015f 81a641ed 1bc7020b 58ff0000 1bc701b2
    THIS IS WHAT CAME UP WHEN I WENT TO OPEN CONTROL PANEL
     
  14. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    EXPLORER caused an invalid page fault in
    module KERNEL32.DLL at 015f:bff7b997.
    Registers:
    EAX=00000000 CS=015f EIP=bff7b997 EFLGS=00000246
    EBX=012a9198 SS=0167 ESP=012a8f2c EBP=012a8f3c
    ECX=012a8f8c DS=0167 ESI=0202d978 FS=2c5f
    EDX=012a8f94 ES=0167 EDI=0213f070 GS=0000
    Bytes at CS:EIP:
    ff 76 04 e8 26 89 ff ff 5e c2 04 00 56 8b 74 24
    Stack dump:
    0202d978 020266d5 0202d978 0202d348 012a8fb4 0202310f 012a8f8c 00000000 00000004 00000000 00000007 0202d350 012a8f64 012a8fa4 012a9158 012a9148
    and now this one when i got rid of dap
     
  15. KATHYNIMCHES

    KATHYNIMCHES Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    16
    and here is Logfile of HijackThis v1.97.2
    Scan saved at 5:08:18 PM, on 9/19/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\SYSTEM\INFWIN.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\AMERICA ONLINE 7.0A\WAOL.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM214.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [infwin] c:\windows\system\infwin.exe /noconnect
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE /NOSPLASH
    O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.super-direct-downloads.de/freemp3z.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/webolr/OCX/FlashAX.cab

    my latest hijack this
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165739

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice