0

Hello people!
My business PC is infected with HS and i really cannot remove it! I had the same problem with my home PC and it was successfully removed, but i use the Windows XP there and 98 version here.

I'm posting the HiJack This log! Please help-me!

PS: Sorry for my bad english.

Logfile of HijackThis v1.99.1
Scan saved at 10:19:35, on 08/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ADDFU32.EXE
C:\ARQUIVOS DE PROGRAMAS\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\PT-BR\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\D3MY.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\idwam.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\idwam.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\idwam.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\idwam.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\idwam.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\idwam.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\idwam.dll/sp.html#17702
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\PT-BR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\SYSTEM\SCPSSSH2.DLL
O2 - BHO: Class - {0F8EB263-D23D-B227-0B4D-E0CDFED83FF4} - C:\WINDOWS\SYSTEM\MSUE32.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\PT-BR\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARQUIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ADDFU32.EXE] C:\WINDOWS\ADDFU32.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\ARQUIV~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [D3MY.EXE] C:\WINDOWS\D3MY.EXE /s
O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARQUIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adsl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.160.145.2,200.160.145.3

2
Contributors
1
Reply
2
Views
12 Years
Discussion Span
Last Post by DMR
0

1. Download About:Buster

- unzip/extract the downloaded zip file into its own folder.
- Open AboutBuster.exe, click "Update" to download the latest updates, and then close the program. Do not actually run the program yet.


2. Download Sp.html-Se.dll Hijack Fix for Win 98.

- unzip/extract the downloaded zip file into its own folder.


3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Run AboutBuster and click on "Begin Removal". Allow it to perform its scan/removal and then close the program.

- Run Sp.html-Se.dll Hijack Fix and click "Start Disinfection". Close the program when the scan has completed.


4. Reboot normally, run HijackThis again, and post the new log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.