Offer-Optimizer HELP hjt log

Forums: Internet
Email this Topic • Print this Page

I tried to delete it on my own but its 2 hard 2 do. I have this log frm hjt, and after you tell me what to delete do i just delete it in hjt and then just disable win recovery and reboot and enable it again or what else do i need to do. Thank you for helping

Logfile of HijackThis v1.98.2
Scan saved at 10:21:05 AM, on 11/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\CAPRPCS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MNIUYNNY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ACDSEE32\ACDSEE32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\USEFULPROGRAMS\IBM CRACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fnb.co.za/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by First National Bank
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [ncidjnso] C:\WINDOWS\SYSTEM\mniuynny.exe
O4 - HKLM\..\Run: [Popup Chomper] C:\PROGRAM FILES\POPUP CHOMPER\POPUP CHOMPER.exe
O4 - HKLM\..\Run: [PopUp Buster+] C:\PROGRAM FILES\POPUPBUSTER\popupbuster.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRAM FILES\SPYWARE-COP\SPYWARE-COP.EXE" /s
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\SYSTEM\CAPPSW.EXE
O4 - Startup: folder.htt
O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\SYSTEM\CAPPSW.EXE
O4 - User Startup: folder.htt
O4 - Global Startup: folder.htt
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Block - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\POPUP CHOMPER\block.exe (file missing)
O9 - Extra 'Tools' menuitem: &Block Popup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\POPUP CHOMPER\block.exe (file missing)
O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\PROGRAM FILES\POPUPBUSTER\POPUPBUSTER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\PROGRAM FILES\POPUPBUSTER\POPUPBUSTER.EXE (file missing)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...389/mcfscan.cab

Topic Stats
Top Replies
Link to this Topic

Type: Discussion • Score: 1 • Views: 952 • Replies: 1

No top replies

Hi Robby v

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O4 - HKLM\..\Run: [ncidjnso] C:\WINDOWS\SYSTEM\mniuynny.exe
O9 - Extra button: Block - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\POPUP CHOMPER\block.exe (file missing)
O9 - Extra 'Tools' menuitem: &Block Popup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\POPUP CHOMPER\block.exe (file missing)
O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\PROGRAM FILES\POPUPBUSTER\POPUPBUSTER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\PROGRAM FILES\POPUPBUSTER\POPUPBUSTER.EXE (file missing)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)

. Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD

C:\WINDOWS\MULTIMPP.DLL
C:\WINDOWS\SYSTEM\mniuynny.exe

Next
Dowload the following program

CWShredder
It should be the current version, but check for updates

Run Program cwshredder and have it fix anything it finds.

Make sure you click the "Fix" button

Next:
Download Ad-aware CHECK FOR UPDATES.
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK."

Next
Dowload the latest version of Spybot 1.3. Please check it for updates, Run the program and have it fix anything it finds in Red.

Restart your computer,
Next
Next:
Go Here BitDefender Scan Online
Run a scan with BitDefender as well, Be sure and Check Auto Clean.

Next:
Go here Trend Micro - Free online virus Scan
Be sure and check Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Next
Restart HJT and post a fresh log, Let us know if either of the online scans find anything. If we come back all clean then you can create a new restore point,

0 Replies

Offer-Optimizer HELP hjt log

Related Topics

Quick Links

My Account

able2know