Need help with Hijack This....sluggish pc

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

micheleg001

Thread Starter
Joined
Mar 6, 2001
Messages
9
Fist, I've read other threads on this same subject and tried to mirror them by posting the running applications from Hijack This, but whenever I try to open HT I get a flashing "File Download" window ..... something wrong there. Can anyone first advise me what to do about this and let me know how to get that list here for someone to read and tell me what to delete of my pc????
 

micheleg001

Thread Starter
Joined
Mar 6, 2001
Messages
9
I can't even get past trying to "open" the log file on Hijack This....I get the endless flashing of the "download file" window...it's maddening!!! After that happens I have no choice but to shut down the pc...there's no way to stop it. I'm at my wit's end with this .....any other suggestions? Is there another program or can anyone just tell me what type of files to delete off the scan results....thanks again everyone...
 

micheleg001

Thread Starter
Joined
Mar 6, 2001
Messages
9
OK......I finally got it....lol Now, can somebody please look over this log and let me know which files could be causing me problems....????? I really appreciate your help with this....thank you very, very much!!!!

Logfile of HijackThis v1.97.2
Scan saved at 5:24:22 PM, on 9/22/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?840828 about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\SYSTEM\AHIEHELP.DLL (file missing)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O10 - Broken Internet access because of LSP provider 'wps.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_2_1,0,2,5.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1245/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www105.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp
 
Joined
Mar 25, 2001
Messages
3,334
Okay micheleg001, first my kudos to you for having one mean, lean start up folder. (y)

There's some stuff you can have HJT take care of. Check the following entries in HJT, close your browser, click Fix, and reboot afterwards.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?840828 about :blank (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)



O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_2_1,0,2,5.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1.../v6/brix6ie.cab

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www105.coolsavings.com/download/cscmv5X.cab


O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp


Afterwards, go here and download Spybot:

http://www.safer-networking.org/index.php?lang=en&page=download

....once installed, have it go on line and download all updates. Have it check your system for any problems. Everything it finds in RED is safe to Fix.


Then, check your HJT log again. If this item wasn't fixed by Spybot:

O10 - Broken Internet access because of LSP provider 'wps.dll' missing

.........the go here for fixing that item:

http://www.cexx.org/lspfix.htm

:)
 

micheleg001

Thread Starter
Joined
Mar 6, 2001
Messages
9
Buckaroo.....

Did as you said and it worked!!!!! Thank you sooooo much for your help. You ROCK!!!

Michele
 
Joined
Mar 25, 2001
Messages
3,334
You're welcome. (y) Glad everything's well. I'm just getting back on line after major storm interruption here.

:)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top