Hijack


6 replies to this topic

#1 Bading

Bading

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 08 June 2004 - 06:39 PM

Can someone tell me what to take off of this list?

Logfile of HijackThis v1.97.7
Scan saved at 5:30:12 PM, on 6/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\df\local settings\temp\psj9X.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Belkin\11Mbps Wireless Network\Config.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\WINDOWS\system32\sgsm32m.exe
C:\WINDOWS\system32\Nfw8fU8C.exe
C:\WINDOWS\system32\Wwe1X.exe
C:\DOCUME~1\df\LOCALS~1\Temp\msbb.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\df\Local Settings\Temporary Internet Files\Content.IE5\HLI57RS6\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [psj9X] C:\documents and settings\df\local settings\temp\psj9X.exe
O4 - HKLM\..\Run: [4AQFXSZ3EKCRMX] C:\WINDOWS\system32\Erl6Z.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] c:\docume~1\df\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [wtyf] C:\WINDOWS\wtyf.exe
O4 - HKLM\..\Run: [sgsm32m] C:\WINDOWS\system32\sgsm32m.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\system32\msmc.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\Belkin\11Mbps Wireless Network\Config.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Guide (HKLM)
O9 - Extra button: PeoplePC (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Wallet (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} - http://infinity.zang...b?productid=542
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37886.778275463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab



#2 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 08 June 2004 - 09:17 PM

Greetings and welcome to TomCoyote.com!

May your day be blessed by those you love and those you love be blessed by HIM. - Coyote


Please make a permanent folder (not on the desktop) for Hijack This! (suggest "C:\HJT\"), and MOVE it into that folder.

You have a Peper Trojan, among other things.

Please download the Peper Uninstaller from the link in my signature.

You have to remain online to run it.

Run it.

Reboot.

Run it again.

Reboot.

Have Hijack This! fix these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - (no file)

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll

O4 - HKLM\..\Run: [psj9X] C:\documents and settings\df\local settings\temp\psj9X.exe

O4 - HKLM\..\Run: [4AQFXSZ3EKCRMX] C:\WINDOWS\system32\Erl6Z.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load

O4 - HKLM\..\Run: [msbb] c:\docume~1\df\locals~1\temp\msbb.exe

O4 - HKLM\..\Run: [wtyf] C:\WINDOWS\wtyf.exe

O4 - HKLM\..\Run: [sgsm32m] C:\WINDOWS\system32\sgsm32m.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\system32\msmc.exe

Reboot.

Find and delete these files (if they still exist):

C:\WINDOWS\system32\SearchBar.htm
C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\system32\bridge.dll
C:\documents and settings\df\local settings\temp\psj9X.exe
C:\WINDOWS\system32\Erl6Z.exe
c:\docume~1\df\locals~1\temp\msbb.exe
C:\WINDOWS\wtyf.exe
C:\WINDOWS\system32\sgsm32m.exe
C:\WINDOWS\system32\msmc.exe

They may be "hidden". Use the link in my signature to tell you how to show "hidden" files if necessary.

Reboot and post a new log file into this thread. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!
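A follow-up check for the procedure in post #2, as an added example that is not part of the original thread: it compares a fix list against a later HijackThis log and reports entries that are still registered and flagged files that are still running. The follow-up log is constructed for illustration, and the function names are hypothetical.

```python
import re

# Subset of the fix list in post #2, copied from the thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll
O4 - HKLM\..\Run: [psj9X] C:\documents and settings\df\local settings\temp\psj9X.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\df\locals~1\temp\msbb.exe
"""

# Constructed follow-up log (not from the thread): one autorun survived the cleanup.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\df\LOCALS~1\Temp\msbb.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] C:\DOCUME~1\df\LOCALS~1\Temp\msbb.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ...", "R1 - ..."
FILE_PATH = re.compile(r"[a-z]:\\[^\"]*?\.(?:exe|dll|htm)", re.I)

def norm(s):
    # Windows paths are case-insensitive. 8.3 short names (DOCUME~1) cannot be
    # expanded offline, so a long path and its short form will not match here.
    return re.sub(r"\s+", " ", s.strip()).lower()

def parse(log):
    """Return (registry/autorun entries, running process paths), normalized."""
    entries, procs, in_procs = set(), set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY.match(line):
            in_procs = False
            entries.add(norm(line))
        elif in_procs and line:
            procs.add(norm(line))
    return entries, procs

def verify(fix_list, followup_log):
    """Report fix-list entries still present and flagged files still running."""
    entries, procs = parse(followup_log)
    targets, _ = parse(fix_list)
    still_registered = sorted(t for t in targets if t in entries)
    paths = {norm(p) for t in targets for p in FILE_PATH.findall(t)}
    still_running = sorted(p for p in procs if p in paths)
    return still_registered, still_running
```

Both returned lists being empty means none of the listed entries appear in the new log; it does not show that the machine is clean, which is why a full follow-up log is still requested.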

#3 Bading


Posted 09 June 2004 - 11:23 PM

k thx! :D

#4 Bading


Posted 10 June 2004 - 05:33 PM

The Peper uninstaller won't work. It goes halfway installing, then fails. Is there something wrong?

#5 Micah_6:8


Posted 10 June 2004 - 05:48 PM

Please try this Peper fix:

http://downloads.sub...rg/PeperFix.exe

Using this one you don't have to remain online to run. :)

#6 Bading


Posted 13 June 2004 - 11:52 PM

Yay, it works, thank you Micah

#7 Micah_6:8


Posted 14 June 2004 - 04:04 AM

Great!!! Please post another log file so we can be sure you have gotten all the "bugs" out of your machine. :)
