
Adaware, Spybot, Spywareblaster, Spysweeper, Xcleaner -- plus added Zone Alarm. My computer is still infected. Please somebody review the following Hijack This and advise me. Thanks!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 9:58:40 PM, on 8/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\NET\VIRUS\INOC95\REALMON.EXE
C:\PROGRAM FILES\EPSON\INK MONITOR\INKMONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TEMP\NRJLUSE6.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\N2PSTORE.EXE
C:\WINDOWS\SYSTEM\PQURQE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\CMDVI12N.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DCT.EXE
C:\WINDOWS\SYSTEM\VURZFI.EXE
C:\WINDOWS\SYSTEM\XWIN32M.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\KYJNP.EXE
C:\WINDOWS\SYSTEM\VTHJPA2.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\SPYWARE DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www21.pogo.com/home/home.jsp?sls=2&site=pogo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.eds.com;<local>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
O2 - BHO: (no name) - {653B0700-E1BF-11D8-9F03-00E02959C800} - C:\WINDOWS\SYSTEM\IVURZ.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [InstallAurealDemos] C:\windows\temp\InstallAurealDemos.js //b
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [InoculateIT Realtime Monitor] C:\NET\VIRUS\INOC95\realmon.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 925] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 925" /O7 "EPUSB1:" /M "Stylus Photo 925"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ydawxf.exe] C:\WINDOWS\TEMP\YDAWXF.EXE
O4 - HKLM\..\Run: [SRATINGM] C:\WINDOWS\SYSTEM\SRATINGM.exe
O4 - HKLM\..\Run: [4kz4.exe] C:\WINDOWS\TEMP\4KZ4.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nrjluse6.exe] C:\WINDOWS\TEMP\NRJLUSE6.EXE
O4 - HKLM\..\Run: [42HNQFX5S@X5SW] C:\WINDOWS\SYSTEM\Wvs4.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [r24U36S] N2PSTORE.EXE
O4 - HKLM\..\Run: [ivurzc] C:\WINDOWS\SYSTEM\ivurzc.exe
O4 - HKLM\..\Run: [pzudjw] C:\WINDOWS\SYSTEM\pqurqe.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DCT] C:\WINDOWS\SYSTEM\DCT.exe
O4 - HKLM\..\Run: [vurzfi] C:\WINDOWS\SYSTEM\vurzfi.exe
O4 - HKLM\..\Run: [XWIN32M] C:\WINDOWS\SYSTEM\XWIN32M.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [McAfeeAutoInstaller] C:\WINDOWS\mcbin\shared\mcdriz.exe
O4 - HKLM\..\Run: [Cheyenne AutoDownload] C:\NET\VIRUS\INOC95\getbbs95.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [lcfep] "C:\EM\OPT\TIVOLI\LCF\BIN\WIN95\MRT\LCFEP.EXE"
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe
O4 - HKLM\..\Run: [InoculateIT Scanning Service] C:\NET\VIRUS\INOC95\isrv95.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [lcfd1] ;"c:\em\opt\Tivoli\lcf\bin\win95\mrt\LCFD.EXE" -C "c:\em\opt\Tivoli\lcf\dat\1"
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Network Drives (Shared Folders)] C:\WINDOWS\SYSTEM\pcssfrrx.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [a1v8RWemh] CMDVI12N.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Slideshow all Linked Images (VistaPerfect) - C:\WINDOWS\web\vp_links.htm
O8 - Extra context menu item: Preload Linked Images (VistaPerfect) - C:\WINDOWS\web\vp_scrape.htm
O8 - Extra context menu item: Resize This Image (VistaPerfect) - C:\WINDOWS\web\vp_resize.htm
O8 - Extra context menu item: Open Linked Image (VistaPerfect) - C:\WINDOWS\web\vp_openresize.htm
O8 - Extra context menu item: Dump Linked Images (VistaPerfect) - C:\WINDOWS\web\vp_listimg.htm
O8 - Extra context menu item: Save Linked Images (VistaPerfect) - C:\WINDOWS\web\vp_listimgsave.htm
O9 - Extra button: RealGuide (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .cfm: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {8C6A9DCC-6603-11D1-9236-00C04FBFD1C2} (VistaPerfect) -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/084081b3f8e7b18d3c23/netzip/RdxIE601.cab

3 contributors, 3 replies, 4 views; discussion span 13 years; last post by caperjack

Hi; I'm not qualified to instruct you regarding your log, so I'm not going to even try, but the first thing a "real tech" is going to suggest is for you to "update hijackthis to version 1.98.1 -- Run your current version of hijackthis & go to *Config\Misc Tools\Check for update on-line. Then remove 1.97 from the folder it is in & replace it with 1.98.1." So you may as well do that and post a new log.

Also, it appears to me that you are infected with the about:blank hijacker; while you're waiting for a tech to review your log, you may want to review some other threads regarding this topic.

Good luck!


There are multiple things going on with your computer. Get the hijack update.
Then do the following.
.......................................................
You have a Peper infection.

Download the removal tool:

http://downloads.subratam.org/PeperFix.exe

Make sure you are connected to the net and run it. If asked by your firewall for permission to access the net, please grant permission.

Reboot and run it a second time while connected to the net.


Get and run CWShredder.
I know you say you used Ad-Aware, but did you have it tweaked like it's suggested here?
...................................................
Download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants. Next, close the program and all windows and IE windows, run HijackThis, and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs:
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Set up Ad-Aware.
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed.
