1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Highjack this log/please

Discussion in 'Virus & Other Malware Removal' started by loopy in ky, Apr 14, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. loopy in ky

    loopy in ky Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    86
    Hey guys, I have been having trouble with my work computer freezing up, running slow ect. I ran adaware 6 and spybot in safe mode and got rid of a bunch of wild tangent junk. Here is my hjt log. Will you take a look and see if there is anything else I need to get rid of? It is an old computer with not much hard drive and almost no ram so it doesnt take much to really mess with it. They won't get me a new one. I would really apprecialte it! :D

    Logfile of HijackThis v1.97.7
    Scan saved at 2:02:09 AM, on 4/15/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\CITRIX\ICA CLIENT\SSONSVR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.luckyhomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckyhomepage.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.194.172.9/activex/AxisCamControl.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.2926967593
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} - http://pak02.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.9.0.1.2.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
     
  2. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Have HJT fix these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.luckyhomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckyhomepage.com/ie/
    O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)


    Restart your computer.
     
  3. loopy in ky

    loopy in ky Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    86
    Thanks so much winchester, So, do you think that other no name one is ok?

    thanks,Char
     
  4. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    Do you mean this one?
    [/quote]O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL[/quote]

    It is part of Netzip Download Demon/Real Download/Netscape Smart Download. Whether it is "OK" or not depends upon whether you use it or not.

    I think your question is actually about the "no name" being displayed ... in this case, there is a file associated with that CLSID. The one you fixed had "no file" associated with it, indicating it was an orphaned entry, hence needed to be removed.
     
  5. loopy in ky

    loopy in ky Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    86
    Thanks Winchester!
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/220371

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice