Computer problem Spyware

Computer problem Spyware
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Computer problem Spyware gamesstate 04-14-2005
Posted by on April 14, 2005, 1:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,
I have some spyware in my computer that I cant remove with AdAware. I
cant use MS Antispyware cause its win98
This is my Hijack This Log. Hope you can help me
Logfile of HijackThis v1.99.1
Scan saved at 01:30:41 p.m., on 14/04/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\ARCHIVOS DE PROGRAMA\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\ESCRITORIO\IVAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Vínculos
N1 - Netscape 4: user_pref("browser.startup.homepage",
"file://C:\ibmtools\ign\atlas1.htm"); (C:\Archivos de
programa\Netscape\Users\default\prefs.js)
O2 - BHO: NAV Helper - -
c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class -
- C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT
5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - -
C:\WINDOWS\SYSTEM\BGJP.DLL
O2 - BHO: Cls - -
C:\WINDOWS\SYSTEM\SPM8274.DLL
O3 - Toolbar: Norton AntiVirus -
- c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Members area] c:\Program
Files\DiallerProgram5960.exe -r
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [fondosdewindowsgb]
C:\fondosdewindowsgb\FONDOSDEWINDOWSGB[1].EXE -t
O4 - HKLM\..\Run: [MCAgentExe] C:\ARCHIV~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\ARCHIV~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\ARCHIVOS DE PROGRAMA\MCAFEE\MCAFEE
ANTISPYWARE\MssCli.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de
programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe"
-reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot -
Search & Destroy\TeaTimer.exe
O4 - Startup: Office Startup.lnk = C:\Archivos de programa\Microsoft
Office\Office\OSA.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony
Handheld\Hotsync.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check(4).lnk =
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
O9 - Extra button: Erotic - -
C:\@lesbianas_jp\@lesbianas_jp.exe (file missing)
O9 - Extra button: iSex-41 - -
C:\intsexo41\intsexo41.exe (file missing)
O12 - Plugin for .swf: C:\ARCHIVOS DE
PROGRAMA\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: (Windows Media
Player) -
http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: (MSN Chat Control
4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: (PPUpdate Class) -
http://us.amadeusvista.com/PROPRINTER/PPUpdateATL.CAB
O16 - DPF: (ActiveScan Installer
Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: (IntPagomaster Class)
- http://www.muyzorras.com/pagomast.cab
O16 - DPF: (UDConnect Class) -
http://09.sharedsource.org/html/UDConn.cab
O16 - DPF: -
http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = amadeuslink.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
196.40.3.10,196.40.3.13,196.40.31.66
O18 - Filter: text/html - -
C:\WINDOWS\SYSTEM\BGJP.DLL
O18 - Filter: text/plain - -
C:\WINDOWS\SYSTEM\BGJP.DLL


Thanks,
\Dan



Posted by Isaac Perez on April 15, 2005, 8:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

O2 - BHO: (no name) - -
C:\WINDOWS\SYSTEM\BGJP.DLL
O2 - BHO: Cls - -
C:\WINDOWS\SYSTEM\SPM8274.DLL
O4 - HKLM\..\Run: [Members area] c:\Program
Files\DiallerProgram5960.exe -r
O4 - HKLM\..\Run: [fondosdewindowsgb]
C:\fondosdewindowsgb\FONDOSDEWINDOWSGB[1].EXE -t
O9 - Extra button: Erotic - -
C:\@lesbianas_jp\@lesbianas_jp.exe (file missing)
O9 - Extra button: iSex-41 - -
C:\intsexo41\intsexo41.exe (file missing)
- http://www.muyzorras.com/pagomast.cab
O16 - DPF: (UDConnect Class) -
O18 - Filter: text/html - -
C:\WINDOWS\SYSTEM\BGJP.DLL
O18 - Filter: text/plain - -
C:\WINDOWS\SYSTEM\BGJP.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = amadeuslink.com



En/na gamesstate@gmail.com ha escrit:
> Hello,
> I have some spyware in my computer that I cant remove with AdAware. I
> cant use MS Antispyware cause its win98
> This is my Hijack This Log. Hope you can help me
> Logfile of HijackThis v1.99.1
> Scan saved at 01:30:41 p.m., on 14/04/2005
> Platform: Windows 98 Gold (Win9x 4.10.1998)
> MSIE: Internet Explorer v6.00 (6.00.2600.0000)
>
> Running processes:
> C:\WINDOWS\SYSTEM\KERNEL32.DLL
> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
> C:\WINDOWS\SYSTEM\MPREXE.EXE
> C:\WINDOWS\SYSTEM\MSTASK.EXE
> C:\WINDOWS\TASKMON.EXE
> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
> C:\MOUSE\SYSTEM\EM_EXEC.EXE
> C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE
> C:\WINDOWS\LOADQM.EXE
> C:\ARCHIVOS DE PROGRAMA\MCAFEE.COM\AGENT\MCAGENT.EXE
> C:\ARCHIVOS DE PROGRAMA\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
> C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\OSA.EXE
> C:\PROGRAM FILES\SONY HANDHELD\HOTSYNC.EXE
> C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE
> C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE
> C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
> C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
> C:\WINDOWS\EXPLORER.EXE
> C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
> C:\WINDOWS\SYSTEM\DDHELP.EXE
> C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
> C:\WINDOWS\SYSTEM\PSTORES.EXE
> C:\WINDOWS\ESCRITORIO\IVAN\HIJACKTHIS.EXE
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://c:\windows\TEMP\se.dll/spage.html
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://c:\windows\TEMP\se.dll/spage.html
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
> = Vínculos
> N1 - Netscape 4: user_pref("browser.startup.homepage",
> "file://C:\ibmtools\ign\atlas1.htm"); (C:\Archivos de
> programa\Netscape\Users\default\prefs.js)
> O2 - BHO: NAV Helper - -
> c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
> O2 - BHO: AcroIEHlprObj Class -
> - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT
> 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
> O2 - BHO: (no name) - -
> C:\WINDOWS\SYSTEM\BGJP.DLL
> O2 - BHO: Cls - -
> C:\WINDOWS\SYSTEM\SPM8274.DLL
> O3 - Toolbar: Norton AntiVirus -
> - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Radio - -
> C:\WINDOWS\SYSTEM\MSDXM.OCX
> O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
> O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
> powrprof.dll,LoadCurrentPwrScheme
> O4 - HKLM\..\Run: [NAV Agent] c:\ARCHIV~1\NORTON~1\NAVAPW32.EXE
> O4 - HKLM\..\Run: [Members area] c:\Program
> Files\DiallerProgram5960.exe -r
> O4 - HKLM\..\Run: [LoadQM] loadqm.exe
> O4 - HKLM\..\Run: [fondosdewindowsgb]
> C:\fondosdewindowsgb\FONDOSDEWINDOWSGB[1].EXE -t
> O4 - HKLM\..\Run: [MCAgentExe] C:\ARCHIV~1\MCAFEE.COM\AGENT\mcagent.exe
> O4 - HKLM\..\Run: [MCUpdateExe]
> C:\ARCHIV~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
> O4 - HKLM\..\Run: [_AntiSpyware] C:\ARCHIVOS DE PROGRAMA\MCAFEE\MCAFEE
> ANTISPYWARE\MssCli.exe
> O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
> powrprof.dll,LoadCurrentPwrScheme
> O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de
> programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe"
> -reg
> O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot -
> Search & Destroy\TeaTimer.exe
> O4 - Startup: Office Startup.lnk = C:\Archivos de programa\Microsoft
> Office\Office\OSA.EXE
> O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony
> Handheld\Hotsync.exe
> O4 - Startup: EPSON Status Monitor 3 Environment Check(4).lnk =
> C:\WINDOWS\SYSTEM\CFGWIZ32.EXE
> O9 - Extra button: Erotic - -
> C:\@lesbianas_jp\@lesbianas_jp.exe (file missing)
> O9 - Extra button: iSex-41 - -
> C:\intsexo41\intsexo41.exe (file missing)
> O12 - Plugin for .swf: C:\ARCHIVOS DE
> PROGRAMA\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
> O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll
> O16 - DPF: (Windows Media
> Player) -
> http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
> O16 - DPF: (MSN Chat Control
> 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
> O16 - DPF: (PPUpdate Class) -
> http://us.amadeusvista.com/PROPRINTER/PPUpdateATL.CAB
> O16 - DPF: (ActiveScan Installer
> Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
> O16 - DPF: (IntPagomaster Class)
> - http://www.muyzorras.com/pagomast.cab
> O16 - DPF: (UDConnect Class) -
> http://09.sharedsource.org/html/UDConn.cab
> O16 - DPF: -
> http://www.xblock.com/download/xclean_micro.exe
> O16 - DPF: (Windows Genuine
> Advantage Validation Tool) -
> http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
> O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = amadeuslink.com
> O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
> 196.40.3.10,196.40.3.13,196.40.31.66
> O18 - Filter: text/html - -
> C:\WINDOWS\SYSTEM\BGJP.DLL
> O18 - Filter: text/plain - -
> C:\WINDOWS\SYSTEM\BGJP.DLL
>
>
> Thanks,
> \Dan
>


Similar ThreadsPosted
CertOpenStore: Problem opening user certificates on a remote computer March 16, 2006, 12:18 am
Help, my computer will not run anti-spyware April 19, 2005, 11:34 pm
German government now wants to put spyware in every computer. November 7, 2007, 4:10 pm
Call For Papers: WORLDCOMP'07: conferences in computer science & computer engineering, USA January 19, 2007, 4:01 am
Problem K9 August 23, 2004, 8:36 pm
Deleted IE - now got a big problem August 9, 2004, 11:13 pm
NTFS Problem April 29, 2005, 1:49 pm
Off Topic - DNS Problem February 2, 2006, 5:58 pm
RSA verification problem May 11, 2006, 8:29 am
Hacker Problem September 25, 2006, 7:10 am

The site map in XML format XML site map

Contact Us | Privacy Policy