Logfile of HijackThis v1.99.1 - sumit
Reference: SE.dll; WEBDLG32.dll; RPCSS.exe; WMIEXE.exe; MSGSRV32.exe
Please remember NOT to run hijackthis.exe from inside the zip file. Unzip (extract) it to your desktop, then double-click the "HijackThis.exe" icon. This way a backup of the removed keys will be created on your desktop (useful if you remove them wrongly).
Here is what you should do.
Remove these search keys:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = website: red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*website: yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = website: red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*website: yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\WEBDLG32.DLL
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\BPKWB.DLL
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\IPREG32.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\WEBDLG32.DLL
O2 - BHO: (no name) - {44E592C1-ACBE-11D9-A247-00C191B2D15B} - C:\WINDOWS\SYSTEM\BJCB.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
Remove these extra items in IE menu (O8...O9):
O9 - Extra ´Tools´ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
Remove these extra protocols and protocol hijackers (O18):
O18 - Filter: text/html - {44E592C0-ACBE-11D9-A247-00C1FEFE74C0} - C:\WINDOWS\SYSTEM\BJCB.DLL
O18 - Filter: text/plain - {44E592C0-ACBE-11D9-A247-00C1FEFE74C0} - C:\WINDOWS\SYSTEM\BJCB.DLL
Reboot the computer into safe mode, then delete these files from your C: drive:
C:\WINDOWS\TEMP\se.dll
C:\WINDOWS\DOWNLO~1\IPREG32.DLL
C:\WINDOWS\WEBDLG32.DL
Original log.
Scan saved at 10:35:16 AM, on 4/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = website: red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*website: yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = website: red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*website: yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\WEBDLG32.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\BPKWB.DLL
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\IPREG32.DLL
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\WEBDLG32.DLL
O2 - BHO: (no name) - {44E592C1-ACBE-11D9-A247-00C191B2D15B} - C:\WINDOWS\SYSTEM\BJCB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\WEBDLG32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: MyVitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra ´Tools´ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra ´Tools´ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - website: us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - website: akamai.downloadv3.com/binaries/IA/svcsysnet32_EN.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = eth.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.9.145.6,202.9.145.7
O18 - Filter: text/html - {44E592C0-ACBE-11D9-A247-00C1FEFE74C0} - C:\WINDOWS\SYSTEM\BJCB.DLL
O18 - Filter: text/plain - {44E592C0-ACBE-11D9-A247-00C1FEFE74C0} - C:\WINDOWS\SYSTEM\BJCB.DLL