1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

highjack this check please

Discussion in 'Virus & Other Malware Removal' started by sylvia,ann, Feb 6, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    Can someone check my highjack this please

    Logfile of HijackThis v1.99.0
    Scan saved at 05:34:05, on 2/6/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\SYSTEM\E_S4I0F2.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIGHJACKTHISR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.btopenworld.com/searchpane
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O7 "EPUSB1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\SYSTEM\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
    O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
    O15 - Trusted Zone: http://memberservices.tesco.net
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticAccess/cabs/1764012.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://instantsupport.europe.hp.com/awebui/jsp/answerweb/applets/ISPEActiveChat.CAB
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
     
  2. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Hello sylvia,ann! :D

    Open Internet Explorer and at the top click on "Tools" and choose "Internet Options". Click on the "Advanced" tab and untick "Enable third-party browser extensions". Click on "Apply" then "OK".

    Run HijackThis and fix the following entries:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain


    Download Ad-Aware SE from here:
    http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

    Install and run Ad-Aware SE. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

    Download Spybot S&D from here:
    http://users.skynet.be/fa936042/spybotsd13.exe

    Install and run Spybot S&D. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

    Download SpywareBlaster from here:
    http://www.majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef

    Install and run SpywareBlaster. Click on "Updates" and then choose "Check for updates". Next choose "Protection" and at the top you will see different tabs which are Internet Explorer, Restricted sites and Mozilla/Firefox. Choose one of them at a time and at the bottom click "Protect Against Checked Items" (make sure that all of the items are checked). Tick the boxes above the items. Make sure you do this for all of the top tabs. Mozilla/Firefox you only need to do if you have the user profiles on your computer. You may now exit out of SpywareBlaster.

    Download CWShredder from here:
    http://cwshredder.net/bin/CWSInstall.exe

    Install and run CWShredder. Click on "Check for Update" and download the latest updates. Next, click on "Fix". Exit out of CWShredder.

    Restart your computer and post a fresh HijackThis log back on this thread.
     
  3. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    hi crushbone.
    thanks for your reply Must admit I am not sure how to do a lot of the things you have said but will try and work them out
    you have said run highjack this again and fix problems sorry new to computers so not sure how i fix the problems do you mean delete the files if so how.
    sorry to sound dum but I only bought this computer second hand a couple of weeks ago and had problems since I bought it
     
  4. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    That's OK sylvia,ann! :D

    Right-Click on the "Internet Explorer" icon and click on "Properties". Click on the "Advanced" tab and untick "Enable third-party browser extensions". Click on "Apply" then "OK".

    Run HijackThis and click on "Do a system scan only".

    Put a tick next to the following entries:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain


    Click on "Fix Checked" and HijackThis will delete those entries.

    Exit out of HijackThis.

    Everything else from here shouldn't be a problem but if you are having trouble then don't worry about it.

    Download Ad-Aware SE from here:
    http://www.download.com/3000-2144-1...page&tag=button

    Install and run Ad-Aware SE. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

    Download Spybot S&D from here:
    http://users.skynet.be/fa936042/spybotsd13.exe

    Install and run Spybot S&D. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

    Download SpywareBlaster from here:
    http://www.majorgeeks.com/downloadg...37615f4682b4cef

    Install and run SpywareBlaster. Click on "Updates" and then choose "Check for updates". Next choose "Protection" and at the top you will see different tabs which are Internet Explorer, Restricted sites and Mozilla/Firefox. Choose one of them at a time and at the bottom click "Protect Against Checked Items" (make sure that all of the items are checked). Tick the boxes above the items. Make sure you do this for all of the top tabs. Mozilla/Firefox you only need to do if you have the user profiles on your computer. You may now exit out of SpywareBlaster.

    Download CWShredder from here:
    http://cwshredder.net/bin/CWSInstall.exe

    Install and run CWShredder. Click on "Check for Update" and download the latest updates. Next, click on "Fix". Exit out of CWShredder.

    Restart your computer and post a fresh HijackThis log back on this thread.
     
  5. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    hi crushed bones
    thank you so much for your help must admit i feel a fool not knowing what to do but I guess we all have to learn
    seems this computer was not such a bargin after all with all the problems I am having oh well will try and fix them with the kind help I am getting of this site
     
  6. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    That's OK! :)

    Remember:
    "There's no such thing as a stupid question,
    but they're the easiest to answer!"


    :D :D :D
     
  7. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    hi crushed bones
    I have run the high jack this and removed the 5 files you said it has made a back up of theses files on hard drive I think as when i open highjack this from my desktop I have 5 files called back up have i done it right please
     
  8. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    You should put HijackThis in it's own folder.

    Do the following:

    Go to C: Drive and create a new folder (right-click) and scroll down to "New" then choose "Folder". Copy HijackThis and put it in that folder.

    You can delete all of those backup files that you have on your desktop.

    Your doing great! (y) :D :D
     
  9. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    hi crushed bones I do have high jack this in its own folder these five files are in that folder is what i meant to say sorry so i will delete them then before i do any of the other things you said to do is that ok
     
  10. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Yes sylvia,ann that is fine! (y) :D
     
  11. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    hi when i try to go tothe prgrame you gave me for adware it isnt there
     
  12. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Sorry sylvia,ann, I just noticed that the link doesn't work.

    Continue to do the rest while I find a link to Ad-Aware SE.
     
  13. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Here's the link for Ad-Aware SE:
    http://www.download.com/3001-8022_4-10319876.html

    Install and run Ad-Aware SE. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.
     
  14. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    right done adware and it found 70 critical objects so deleted them
    thank you so much for your help with this
     
  15. sylvia,ann

    sylvia,ann Thread Starter

    Joined:
    Jun 26, 2004
    Messages:
    129
    sorry should have said i found a link to adware se and download it and did updates
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/327409

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice