hijack this help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sossy111, Jun 2, 2004.

  1. sossy111

    sossy111 Private E-2

    I have crazy pop-ups when I am online. Can someone help me with the HijackThis readout? I'm kinda computer stupid.

    Logfile of HijackThis v1.97.7
    Scan saved at 1:00:57 PM
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUPLD32.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\WINPOET\WINPPPOVERETHERNET.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\TEMP\IYG.EXE
    C:\WINDOWS\SYSTEM\IEHOST.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\COKX5.EXE
    C:\WINDOWS\SYSTEM\BLUC239.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUPLD32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar
    N1 - Netscape 4: user_pref("browser.startup.homepage"
    N3 - Netscape 7: user_pref("browser.startup.homepage"
    N3 - Netscape 7: user_pref("browser.search.defaultengine"
    O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\SYSTEM\INETDCTR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonOnlineDSL\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [EasyMessage] C:\PROGRAM FILES\EASY MESSAGE\EM2.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe
    O4 - HKLM\..\Run: [Iyg] C:\WINDOWS\TEMP\IYG.EXE
    O4 - HKLM\..\Run: [47MSJ2W3J7PQJE] C:\WINDOWS\SYSTEM\Dqk5Z.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\Run: [IFIL400O] C:\WINDOWS\SYSTEM\IFIL400O.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\SYSTEM\
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUpld32.exe" -l
    O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARMon32a.exe"
    O4 - HKCU\..\Run: [GetAnonymous] C:\Program Files\GetAnonymous 1.2\GetAnonymous.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [GetAnonymous] C:\Program Files\GetAnonymous 1.2\GetAnonymous.exe
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Verizon Online DSL.LNK = C:\Program Files\VerizonOnlineDSL\WinPoET\WrDialer.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\prln.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: GetAnonymous (HKLM)
    O9 - Extra 'Tools' menuitem: GetAnonymous (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...le.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1
     
  2. sossy111

    sossy111 Private E-2

    This is easier to read, right?


    Logfile of HijackThis v1.97.7
    Scan saved at 1:00:57 PM, on 6/2/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUPLD32.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\WINPOET\WINPPPOVERETHERNET.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\TEMP\IYG.EXE
    C:\WINDOWS\SYSTEM\IEHOST.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\COKX5.EXE
    C:\WINDOWS\SYSTEM\BLUC239.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUPLD32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#22776
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://store.yahoo.com/gifts89/ind.html"); (C:\Program Files\Netscape\Users\d\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3phz0g3u.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\3phz0g3u.slt\prefs.js)
    O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\SYSTEM\INETDCTR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonOnlineDSL\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [EasyMessage] C:\PROGRAM FILES\EASY MESSAGE\EM2.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe
    O4 - HKLM\..\Run: [Iyg] C:\WINDOWS\TEMP\IYG.EXE
    O4 - HKLM\..\Run: [47MSJ2W3J7PQJE] C:\WINDOWS\SYSTEM\Dqk5Z.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\Run: [IFIL400O] C:\WINDOWS\SYSTEM\IFIL400O.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\SYSTEM\
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARUpld32.exe" -l
    O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VERIZONONLINEDSL\VISUAL IP INSIGHT\ARMon32a.exe"
    O4 - HKCU\..\Run: [GetAnonymous] C:\Program Files\GetAnonymous 1.2\GetAnonymous.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [GetAnonymous] C:\Program Files\GetAnonymous 1.2\GetAnonymous.exe
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Verizon Online DSL.LNK = C:\Program Files\VerizonOnlineDSL\WinPoET\WrDialer.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\prln.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: GetAnonymous (HKLM)
    O9 - Extra 'Tools' menuitem: GetAnonymous (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...le.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1504359/mcfscan.cab
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We cannot help you if you cannot post it correctly. Exactly how are you doing this? You seem to be missing the LF/CR pairs.

    In addition, you need to first follow the steps here: http://www.majorgeeks.com/vb/showthread.php?t=26149

    to run Ad-aware and SpyBot S&D first.
     
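A small parser for the collapsed paste format seen in this thread, written here as an added example and not code from the thread or from HijackThis itself: it rebuilds the lost line breaks from the log's own section prefixes (R0/R1, N1/N3, O2, O3, O4, O8, O9, O16) and from the drive letter that starts every running-process path, which is enough to read the log or count entries per section. The sample blob is constructed from a few of the thread's lines and is not the full log.

```python
import re
from collections import defaultdict

# Start of a HijackThis entry: section code, space, dash, space ("R1 - ", "O16 - ", ...).
ENTRY_START = re.compile(r"(?=(?:R[0-3]|N[1-4]|O\d{1,2}|F\d) - )")
# Header fields that HijackThis 1.9x prints one per line before the entries.
HEADER_START = re.compile(r"(?=Scan saved at |Platform: |MSIE: |Running processes:)")
# Every running-process path begins with a drive letter, so split there.
PATH_START = re.compile(r"(?=[A-Za-z]:\\)")


def parse_collapsed_log(blob):
    """Split a HijackThis log whose CR/LF pairs were lost into header lines,
    running-process paths and (section, line) entries, in the original order."""
    blob = blob.strip()
    first = ENTRY_START.search(blob)
    head, body = (blob[:first.start()], blob[first.start():]) if first else (blob, "")
    header = [h for h in HEADER_START.split(head) if h]
    processes = []
    if header and header[-1].startswith("Running processes:"):
        procs = header.pop()[len("Running processes:"):]
        processes = [p for p in PATH_START.split(procs) if p]
    entries = [(line.split(" - ", 1)[0], line) for line in ENTRY_START.split(body) if line]
    return {"header": header, "processes": processes, "entries": entries}


def restore_lines(blob):
    """Rebuild the log as HijackThis wrote it: one item per line."""
    parsed = parse_collapsed_log(blob)
    lines = parsed["header"] + ["Running processes:"] + parsed["processes"]
    return "\n".join(lines + [line for _, line in parsed["entries"]])


def count_by_section(blob):
    """Number of entries per section code (R0, O2, O4, ...)."""
    counts = defaultdict(int)
    for section, _ in parse_collapsed_log(blob)["entries"]:
        counts[section] += 1
    return dict(counts)


# Constructed sample in the same collapsed form as the thread's paste (a few of its lines, not the full log).
SAMPLE = (
    "Logfile of HijackThis v1.97.7Scan saved at 1:00:57 PMPlatform: Windows 98 SE (Win9x 4.10.2222A)"
    "MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:"
    "C:\\WINDOWS\\SYSTEM\\KERNEL32.DLLC:\\WINDOWS\\EXPLORER.EXEC:\\WINDOWS\\TEMP\\IYG.EXE"
    "R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 127.0.0.1:8080"
    "O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\\WINDOWS\\SYSTEM\\INETDCTR.DLL"
    "O4 - HKLM\\..\\Run: [Iyg] C:\\WINDOWS\\TEMP\\IYG.EXEO4 - HKLM\\..\\Run: [] C:\\WINDOWS\\SYSTEM\\"
    "O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - "
    "http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"
)

if __name__ == "__main__":
    print(restore_lines(SAMPLE))
    print(count_by_section(SAMPLE))
```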
