Author Topic: highjack this log (Read 3082 times)

jen3ca · « **Reply #40 on:** February 13, 2006, 05:15:48 PM »

it didnt work
now what?

guestolo · « **Reply #41 on:** February 13, 2006, 05:43:31 PM »

Quote

it didnt work
now what?

Since I'm not a mind reader, I'll have to ask some questions to see if you at least tried again on your own to see if you can get this machine to view web pages
I'll try to put in as much effort as you give back

How did you get the computer to view web pages earlier?
Have you checked in your dialup connections properties to see
If you are set to use a proxy or not, it may be trying to force it

I linked you to a few tools earlier, Winsock2 fix and LSP fix, have you tried them again?

Close down all browser windows, disconnect from the Net
Run Winsock2>>ONLY from the Desktop
Double click on the w2fix file on your Desktop and follow the on-screen instructions. You will be prompted to reboot your computer twice before the fix is complete.

You recently installed a very old version of Norton's
You could try uninstalling it from Add/Remove programs completely and see if this resolves your problem
We'll get you a more up to date AV if you can get this computer online

You could also try removing ICS
Reinstall only if needed
http://www.homenethelp.com/web/faq/sharing-ics.asp

Keep me informed, I need more than a Yup or Nope

I would like to see a New hijackthis log and a new Uninstall list from hijackthis

jen3ca · « **Reply #42 on:** February 15, 2006, 02:05:25 AM »

im back online on the other computer that i have been working on
i got back online by uninstalling the ics then uninstalled and then reinstalled the modem
after that i ran the winsock2fix and now my computer is back online anyway here is the highjack this log
and the unistall list that you wanted.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:01 AM, on 2/15/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

Ad-Aware SE Personal
Adobe Acrobat 5.0
ArcSoft PhotoStudio 2000
Caere Scan Manager 5.1
Canon CanoCraft CS-P 3.8
Canon ScanGear Toolbox CS 2.2
CCleaner (remove only)
Conexant HCF V.90/56K Modem
Corel WordPerfect Suite 8
HijackThis 1.99.1
Internet Explorer Q891781
Kurzweil 3000 v.6
LiveAdvisor (Symantec Corporation)
LiveUpdate
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft VGX Q833989
Mozilla Firefox (1.5)
Outlook Express Q837009
Panda ActiveScan
Spybot - Search & Destroy 1.4
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q890175 Update
Windows Messaging Update 1
WinZip

I am also going to download the virus program you wanted me to download awhile ago and do a panda scan and update my spybot and other programs.

jen3ca · « **Reply #43 on:** February 15, 2006, 02:14:57 PM »

here the panda scan log

Incident Status Location

Adware:adware/cws Not disinfected C:\WINDOWS\Favorites\LIVING\Insurance.lnk
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\SYSTEM\paytime.exe
Potentially unwanted tool:application/funweb
Not disinfected
C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Adware:adware/tvmedia Not disinfected C:\WINDOWS\Application Data\tvmknwrd.dll
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\INF\ALCHEM.INF
Adware:adware/gator Not disinfected C:\GatorPatch.log
Adware:adware/secure32 Not disinfected C:\secure32.html
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Adware:adware/dealhelper Not disinfected C:\WINDOWS\SYSTEM\DealHelper
Spyware:spyware/clipgenie Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Cookies\alc@2o7[2].txt
Adware:Adware/Secure32 Not disinfected C:\WINDOWS\SYSTEM\paytime.exe
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\INF\ALCHEM.INF
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Cookies\alc@2o7[2].txt
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysupd2.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysban2.exe
Spyware:Spyware/Clipgenie Not disinfected C:\Program Files\Support Software\SS2.DLL
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload1.exe

guestolo · « **Reply #44 on:** February 15, 2006, 11:41:24 PM »

Can you do the following please, and nice to hear again your back online
And your log is looking better

Optionally, not malware but not needed on startup
You can have hijackthis fix checked these entries with all other windows closed
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

Find and delete the following files or folders in bold please
Let me know which you couldn't find all of them

FILES
C:\WINDOWS\Favorites\LIVING\Insurance.lnk
C:\WINDOWS\SYSTEM\paytime.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
C:\WINDOWS\Application Data\tvmknwrd.dll
C:\WINDOWS\INF\ALCHEM.INF
C:\GatorPatch.log
C:\secure32.html
C:\drsmartload1.exe
C:\WINDOWS\winsysupd2.exe
C:\WINDOWS\winsysban2.exe
C:\Program Files\Support Software\SS2.DLL

C:\PROGRAM FILES\Lycos
C:\WINDOWS\SYSTEM\DealHelper

Afterwards
Download and install ONLY one of these free AV's
More than one will cause conflicts
All have a free version
AVG 7 by Grisoft

Avast Home Edition by ALWIL

AntiVir Personal Edition Classic

After it is installed run a full system scan and let it clean what it finds
Reboot the computer

*Install SpywareBlaster 3.5.1 by JavaCool[/url]

After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Please Immunize after every update

I would also recommend that you do a Disk Defragmentor on your system
I feel it's best to do this in safe mode

Post back and let me know how things are running

guestolo · « **Reply #45 on:** March 05, 2006, 04:56:13 PM »

As these problems appear resolved, I'll lock this topic
Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: highjack this log (Read 3082 times)

jen3ca

highjack this log

guestolo

highjack this log

jen3ca

highjack this log

jen3ca

highjack this log

guestolo

highjack this log

guestolo

highjack this log