0

Hey, great work people… my comp is stuffed has been for ages, the main problem I have these days is the slowness an the internet lag… not restricted to being on the net though… always so slow, Rundll32 starts at start up an causes the “work offline” internet box to appear continously an wen on the net there are two rundll32 present, scared of undeletable thread from registry OBYPHB.exe too infected with amaena and drivecleaner, systemdoctor etc for sure but vundofix didn’t find them umm an a bunch of other crap that ruins everything possible… please help me start rectify my computer an internet.. coz it aint worth the 20 odd cents to dial up… thanks so much…

Logfile of HijackThis v1.99.1
Scan saved at 1:19:24, on 15/07/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\OBYPHB.EXE
C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKYANAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
F1 - win.ini: load=REGRUNCHK.EXE
F1 - win.ini: run=REGRUNCHK.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [RegRunChk] C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
O4 - HKLM\..\Run: [Windows Recycler] OBYPHB.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegRunChk] C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
O4 - HKLM\..\RunServices: [System32] System32.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunServices: [Windows Recycler] OBYPHB.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/au/games4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

2
Contributors
5
Replies
6
Views
11 Years
Discussion Span
Last Post by kylethedarkn
0

Run HJT and check the following.
F1 - win.ini: load=REGRUNCHK.EXE
F1 - win.ini: run=REGRUNCHK.EXE
O4 - HKLM\..\Run: [Windows Recycler] OBYPHB.EXE
O4 - HKLM\..\RunServices: [RegRunChk] C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
O4 - HKLM\..\RunServices: [System32] System32.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKLM\..\RunServices: [Windows Recycler] OBYPHB.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/au/games4.cab
Close all other windows and click fix checked.

Plz download LSPFix from here. Put it in its own folder and run it. check the box that says "i know what i am doing" and put any of the following dlls to the remove section webhdll.dll, wbhshare.dll, whiehlpr.dll, whieshm.dll, whAgent.exe. Then click finish.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

While still in safe mode delete the following files and folders if present using My Computer.
C:\PROGRAM FILES\GO!ZILLA\
C:\WINDOWS\SYSTEM\REGRUNCHK.EXE
Now search for the following files using the search option in My Computer.(They are most likely in the Windows Folder so search there first)
mscvrt32.exe
System32.exe
When you find them delete them.

Reboot back to normal mode.
Post a new HJT log with a new Ewido log.
Still having problems?

0

first off thanks so much for ya time, help an all, some queries though... using fix check on hijackthis the OBYPBH.exe stayed but in safe mode was deletable, webdll was removed successfully too... hopefully for good, the regrunchk.exe i deleted in safe too (an on startup told me it was missing but load up was normal) an mscvrt.exe deleted too...but couldnt find System32.exe anywhere... the main problem is ewido requires windows 2000 or later to install so i havent been able to use it running win98... regardless thanks so much coz all the problems i listed are now gone, except the internet still has a huge lag, not sure the cause... say for example is google, i type a search an click 'go' it takes 10-20secs to actually register the click, during this period the site freezes up then initiates the action after the 20 secs or so... my bytes sent are only 200,000 an 800,000 received after being on the net for 10 minutes with a 56kb modem... it used to be alot more... well any help is appreciated, cheers jack

new log...

Logfile of HijackThis v1.99.1
Scan saved at 1:45:32, on 16/07/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKYANAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://193.125.201.50
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

0

Did you run Lspfix because i forgot the link. Here is the link I forgot.
I want you to run it and do the steps i posted above if you didn't already. Also right down all of the dlls that lspfix lists.

Also I recommend Downloading and using the Mozilla Firefox Browser. It has better security and it has tabs so you can have more than one website open in the same window. You can download Firefox from here.

0

yeah used it an removed webdll thanks... rnr20... msafd... rsvpsp are the dll's running, thanks for ya help mate peace

0

Everything looks clean so i would recommend switch to the Mozilla Firefox browser and see if things are going any faster.


PS: I know a friend with windows 98 and a Dsl modem and his internet still takes almost as long as yours does. So Im thinking its just the Windows 98 computer with the current day internet. But try Mozilla and see if it gets better.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.