Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Pending] hello, i need help with Msgm32 About:Blank and NTop

[Fixed] Hijackthis! Logs - [Pending] hello, i need help with Msgm32 About:Blank and NTop posted in the Security & Safety forums; i downloaded hijack this can someone please help me clean this stuff up my mom wanted to uninstall windows and reinstall im lucky you guys are here any help would ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
  #1  
Old 06-03-2005
Bronze Member
  
Join Date: Jun 2005
Posts: 4
Trajik - See this Members User comments on their Profile page
Default [Pending] hello, i need help with Msgm32 About:Blank and NTop
i downloaded hijack this
can someone please help me clean this stuff up

my mom wanted to uninstall windows and reinstall

im lucky you guys are here

any help would be greatly appreciated

going to post hijack this long.....
  #2  
Old 06-03-2005
Bronze Member
  
Join Date: Jun 2005
Posts: 4
Trajik - See this Members User comments on their Profile page
Default Re: hello, i need help with Msgm32 About:Blank and NTop
Logfile of HijackThis v1.99.1
Scan saved at 11:51:15 AM, on 6/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\PASSWORD LOCK\PASSLOCK.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\NTOP.EXE
C:\WINDOWS\MSGM32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.pacifictrustbank.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.pacifictrustbank.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.pacifictrustbank.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ebay.com"); (C:\Program Files\Netscape\Users\dasitah\prefs.js)
O2 - BHO: Class - {EAE64C90-789B-AF19-4056-CC6A84E38EC3} - C:\WINDOWS\ATLVN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [Password Lock] C:\Program Files\Password Lock\PassLock.exe /hide
O4 - HKLM\..\Run: [MSGM32.EXE] C:\WINDOWS\MSGM32.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NTOP.EXE] C:\WINDOWS\SYSTEM\NTOP.EXE /s
O4 - HKLM\..\RunOnce: [Password Lock] C:\Program Files\Password Lock\PassLock.exe /lock
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: @Home - {BCCE4DE0-D4F5-11D4-BAC6-0048543B703E} - http://home.excite.com (file missing) (HKCU)
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex...n/nsmp2inf.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
  #3  
Old 06-03-2005
Hengis's Avatar
PCHF Founder & Owner
My PC
 
Join Date: Jan 2004
Location: Berkshire, England
Posts: 11,114
PC Experience: Always learning
Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page Hengis - See this Members User comments on their Profile page
Send a message via Skype™ to Hengis
Default Re: hello, i need help with Msgm32 About:Blank and NTop
Welcome and
im lucky you guys are here
thanks - flattery will get you EVERYWHERE!!?

Ok, on to the log....

Before proceeding, if you are running? ME or XP, make a system restore point ! (EDIT - Oops, just noticed ur running Win98 nm)

Put a check mark nex to the following and select "fix":

C:\WINDOWS\SYSTEM\NTOP.EXE
C:\WINDOWS\MSGM32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {EAE64C90-789B-AF19-4056-CC6A84E38EC3} - C:\WINDOWS\ATLVN.DLL
O4 - HKLM\..\Run: [MSGM32.EXE] C:\WINDOWS\MSGM32.EXE
O4 - HKLM\..\RunServices: [NTOP.EXE] C:\WINDOWS\SYSTEM\NTOP.EXE /s
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)

Run Adaware & Spybot, re-boot and re-post your HJT log.


__________________
> Pre-Work > System File Checker
> Did we help you? If we did, please consider A Donation
  #4  
Old 06-03-2005
Bronze Member
  
Join Date: Jun 2005
Posts: 4
Trajik - See this Members User comments on their Profile page
Default Re: hello, i need help with Msgm32 About:Blank and NTop
thank you so much for the help

had a problem during spybot SD it says

"Error during check!
Xabot (Ungultiger Datentyp fur ") "

and thats above and connected to a DSO eploit

im going to click fix and continue with adaware and do hijack this again
  #5  
Old 06-03-2005
Bronze Member
  
Join Date: Jun 2005
Posts: 4
Trajik - See this Members User comments on their Profile page
Default Re: hello, i need help with Msgm32 About:Blank and NTop
here is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:40:37 PM, on 6/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\PASSWORD LOCK\PASSLOCK.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.pacifictrustbank.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.pacifictrustbank.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.pacifictrustbank.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ebay.com"); (C:\Program Files\Netscape\Users\dasitah\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [Password Lock] C:\Program Files\Password Lock\PassLock.exe /hide
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunOnce: [Password Lock] C:\Program Files\Password Lock\PassLock.exe /lock
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: @Home - {BCCE4DE0-D4F5-11D4-BAC6-0048543B703E} - http://home.excite.com (file missing) (HKCU)
O12 - Plugin for .asx: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdspl ay.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player) - http://activex.microsoft.com/activex...n/nsmp2inf.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
  #6  
Old 06-04-2005
Friend of PCHF
  
Join Date: Sep 2004
Location: Right here !
Posts: 2,150
Zimbo - See this Members User comments on their Profile page
Default Re: hello, i need help with Msgm32 About:Blank and NTop
Fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\byyge.dll/sp.html#51014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O9 - Extra button: @Home - {BCCE4DE0-D4F5-11D4-BAC6-0048543B703E} - http://home.excite.com (file missing) (HKCU)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!

Bookmarks

« [Fixed] - Hijackthis log - files are really slow to open | [Answered] Here's My Hijack This Log »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 10:54 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top
Wills
Wills are complicated, let moneyextra help.

Debt Help
Having problems with debt? Maybe moneyextra can help.

Pimpin MySpace Profiles
Hot stuff for pimpin your MySpace Profile.