Old 12-09-2004, 06:34 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 1
OS: win98se


Can't get anywhere on internet

I have had problems with viruses and spyware things on my computer. I have run AdAware and other things and have gotten rid of a lot, but now I can't even seem to get anywhere on the internet. It takes forever and usually ends up with page not found. Please see if bad things are still on my computer - thank you

Logfile of HijackThis v1.98.2
Scan saved at 6:51:16 PM, on 12/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPZTSB08.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\COMP2K\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://dorkodrom.com/sp.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {11AC330D-E71B-28B2-8753-60550DA82941} - C:\WINDOWS\SYSTEM\DVGVZ.DLL (file missing)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\BPKWB.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe
O4 - HKLM\..\Run: [SystemNetwork] "C:\windows\system\NETSERV32.EXE" kernel32.dll,LoadUserSetting
O4 - HKLM\..\Run: [syshost] C:\WINDOWS\syshost.exe
O4 - HKLM\..\Run: [Windows Update Software] C:\WINDOWS\SYSTEM\system.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\QMGR\AIM95\AIM.EXE
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715E-D900-216290C5B738} - C:\WINDOWS\SYSTEM\Aklooaoc.dll
fentz is offline  
Old 12-09-2004, 07:07 PM   #2 (permalink)
Member
 
Join Date: Sep 2004
Posts: 54
OS: XP Pro


(EDIT: Please check your PM's, CremeSoda.)

Last edited by CTSNKY : 12-09-2004 at 07:36 PM.
CremeSoda is offline  
Old 12-09-2004, 08:22 PM   #3 (permalink)
Knower of all that is MS
 
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CWShredder and click on 'Fix' (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Download IE-Spyad. IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and spyware pushers to the Restricted sites zone of Internet Explorer. Double-click to unzip the files and then run the install.bat file in the IE-Spyad folder it created (press 2 to install after it starts, I believe).

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://dorkodrom.com/sp.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {11AC330D-E71B-28B2-8753-60550DA82941} - C:\WINDOWS\SYSTEM\DVGVZ.DLL (file missing)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\BPKWB.DLL (file missing)
O4 - HKLM\..\Run: [SystemNetwork] "C:\windows\system\NETSERV32.EXE" kernel32.dll,LoadUserSetting
O4 - HKLM\..\Run: [syshost] C:\WINDOWS\syshost.exe
O4 - HKLM\..\Run: [Windows Update Software] C:\WINDOWS\SYSTEM\system.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715E-D900-216290C5B738} - C:\WINDOWS\SYSTEM\Aklooaoc.dll

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\SYSTEM\gotint.dll
C:\WINDOWS\SYSTEM\Aklooaoc.dll
C:\windows\system\NETSERV32.EXE
C:\WINDOWS\syshost.exe
C:\WINDOWS\SYSTEM\system.exe

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.
__________________


GO BIG BLUE!!
CTSNKY is offline  
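
An added example, not part of the thread and not code from HijackThis: a Python script that cross-checks the cleanup in post #3 against the log in post #1, confirming that every file on the delete list has all of its loading entries (BHO, autorun, filter, SSODL) on the fix list, and listing entries that point at nothing on disk. The function names are hypothetical; the log lines are an excerpt copied from post #1.

```python
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemNetwork] "C:\windows\system\NETSERV32.EXE" kernel32.dll,LoadUserSetting
O4 - HKLM\..\Run: [syshost] C:\WINDOWS\syshost.exe
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\gotint.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715E-D900-216290C5B738} - C:\WINDOWS\SYSTEM\Aklooaoc.dll
"""
# Post #3's fix list contains every excerpt line except the TaskMonitor autorun.
FIX = "\n".join(l for l in LOG.splitlines() if "TaskMonitor" not in l)
# Files from the delete list in post #3 that appear in the excerpt.
DELETE = [r"C:\WINDOWS\SYSTEM\gotint.dll", r"C:\WINDOWS\SYSTEM\Aklooaoc.dll",
          r"C:\windows\system\NETSERV32.EXE", r"C:\WINDOWS\syshost.exe"]

ENTRY = re.compile(r"^([RNFO]\d+) - (.+)$")  # section code, then the entry detail

def parse(log):
    """Return [(section_code, detail)] for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def orphans(entries):
    """Entries whose target is gone: registry residue with nothing on disk."""
    return [e for e in entries if e[1].endswith(("(no file)", "(file missing)"))]

def review(log, fix_lines, delete_list):
    """Map each file to (codes of entries that load it, all of them on the fix list?)."""
    entries = parse(log)
    fixed = set(parse(fix_lines))
    report = {}
    for path in delete_list:
        # Windows paths are case-insensitive, so compare lowercased.
        refs = [e for e in entries if path.lower() in e[1].lower()]
        report[path] = ([code for code, _ in refs], all(e in fixed for e in refs))
    return report

if __name__ == "__main__":
    for path, (codes, covered) in review(LOG, FIX, DELETE).items():
        print(f"{path}: loaded by {codes}, all entries on fix list: {covered}")
    print("orphaned entries:", orphans(parse(LOG)))
```

A `False` in the second field means the file would be deleted while an entry that loads it stays in the registry.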