
Hijack please things Worse!

Discussion in 'Virus & Other Malware Removal' started by jonia, Jul 19, 2006.

Thread Status:
Not open for further replies.
  1. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    Logfile of HijackThis v1.99.1
    Scan saved at 1:51:01 PM, on 7/19/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\COMPAQ\EASYACC\CPQBZL.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\COMPAQ\EASYACC\OSD.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\CPQTAPI.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adams.net/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Essdc] essdc.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [CPQEASYACC] C:\Compaq\EasyAcc\cpqbzl.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    What problems are you having? Your log looks fine.
     
  3. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    The computer just starts opening things (like the taskbar), moves the icons around, and if I'm on the internet knocks me off the page -- it doesn't send me anywhere else on the internet, the page will be gone.

    When I touch the mouse the computer goes crazy, but it's sporadic. I can use the mouse for a couple minutes no problem, then all of a sudden I'll move it and it'll start opening things on its own for several seconds.

    I am running another full scan on my computer with AVAST free antivirus. I have ME on a Compaq Pentium.

    Just before the AVAST scan I did another Ad-Aware scan and it found some cookie tracking, which it quarantined, but the problem was not solved.

    thanks
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Have you tried another mouse to see if it still happens?
     
  5. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    Yes, the mouse hasn't anything to do with it.
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I don't see anything in the log that would cause it.

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  7. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I appreciate your help. I ran some online scanner, CA, it found nothing. I have AVAST on the computer, I don't know if that would cause it not to find anything.

    I tried running Panda before and it didn't seem to help, but can try again.

    When I tried to download Kwaskty(sp) trial version it said to uninstall other antivirus programs - I really didn't want to uninstall AVAST knowing how much difficulty it is for me to install something on this computer.

    Please advise about whether I need to get rid of AVAST before doing Panda. I can barely do anything now without the computer knocking me off here or wherever I am or whenever I'm on the computer.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Actually......do this instead:

    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  9. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I tried this, but when I went to look at the winfind on my desktop I couldn't open it, I didn't have the proper whatever to open.

    Before I got back to your message I scanned the computer with what I thought was a free program, but found after I went through the scan that it charges to eliminate the virus.

    It found 2 trojans, 2 cookies & 1 keylogger. Windows System\ESSDC.EX
    Software\microsoft\windows\currentversionrun\essdc

    I eliminated the tempfile that something else was in,

    Is there a way to fix something with this information? Thanks
     
  10. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I relooked at my notes. Could I eliminate my problem with the information I have??
    Trojan/CWS combo Type: Registry -- the object is Software/microsoft/windows/current versionrun\essdc

    The other is the same except: Type: file
    C:\WINDOWS\SYSTEM\ESSDC.EX

    Eliminating that Temp file (nothing was in) seemed to get rid of the DirSpy2.8 which I think it said was a keylogger

    I will leave it in safe mode until I figure out what to do next. Going to breakfast.

    Thanks.
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please go to this site: http://virusscan.jotti.org/

    Use the Browse button at Jotti.
    Navigate to the file's location on your hard drive and submit this file:
    C:\WINDOWS\SYSTEM\ESSDC.EX

    Let me know what it says regarding the file.
     
  12. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I will do that.

    While in safe mode I did another scan of Ad-aware, it said I had 11 MRU's and 5 cookies (like data miner) so quarantined them the critical objects. The problem is still there. Now I'm having trouble even getting the computer to function right let alone jumping all over the place. But I'll get it as soon as I start it. I'm on someone else's computer right now.

    Thanks. I'll check back after I do that.
     
  13. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I just did it. It said: the file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware prohibiting you from uploading this file.

    Is there a way to get rid of it??
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    MRU objects and cookies are totally harmless.
    You can try manually deleting the file. Let it sit in the Recycle Bin though.
     
  15. jonia

    jonia Thread Starter

    Joined:
    Aug 17, 2005
    Messages:
    98
    I deleted and it's in the recycle box. Things are the same. I was going to get rid of the other one that I checked with Jotti & it said there were 0 bytes and etc. It was software\microsoft\windows\currentversionrun\essdc

    I can't find it to delete it.

    Thank you for any help.
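
Added example, not part of the thread and not code from HijackThis or any poster: a Python parser for the O4 autorun lines of the log in the first post. It marks entries that name no directory, checks whether the image appears under "Running processes", and maps a scanner-reported name such as essdc back to the registry key and value that hold it. The function names are hypothetical, the sample lines are copied from the post, and the expansion of HijackThis's `..` to `Software\Microsoft\Windows\CurrentVersion` is the tool's usual abbreviation.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log in the first post
# (three "Running processes" paths, then five of the O4 autorun entries).
LOG = r"""
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
"""

# HijackThis writes this segment of the autorun key path as "..".
ELIDED = r"Software\Microsoft\Windows\CurrentVersion"
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
IMAGE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|pif))', re.I)

def parse(log):
    """Return the O4 entries, each tagged 'pathless' and 'running'."""
    entries, running = [], set()
    for line in map(str.strip, log.splitlines()):
        m = O4.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            img = IMAGE.match(cmd)  # strip arguments such as /autorun
            image = img.group(1) if img else cmd.split()[0]
            entries.append({"key": "\\".join([hive, ELIDED, key]), "value": name,
                            "image": image, "pathless": "\\" not in image})
        elif re.match(r"^[A-Za-z]:\\", line):  # a running-process path
            running.add(ntpath.basename(line).lower())
    for e in entries:
        e["running"] = ntpath.basename(e["image"]).lower() in running
    return entries

def locate(entries, needle):
    """Autorun values whose name or image contains a scanner-reported name."""
    n = needle.lower()
    return [e for e in entries if n in e["value"].lower() or n in e["image"].lower()]

if __name__ == "__main__":
    for e in parse(LOG):
        print(e["key"], e["value"], e["image"], e["pathless"], e["running"], sep=" | ")
```

A pathless entry is resolved by Windows through its search path, so which file it actually starts has to be confirmed on the machine itself; the flags here are triage facts from the log, not a verdict on any entry.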
     