Jump to content


Photo

Hijack This Question


  • Please log in to reply
3 replies to this topic

#1 RedSunOfKrypton

RedSunOfKrypton

    Member

  • New Member
  • Pip
  • 2 posts

Posted 19 May 2004 - 09:18 PM

My computer has been acting funny now for a little while, so I got Spybot, and Ad-Aware and followed the instructions on the site etc. And a lot of things were fixed, but it's still a little off. So I got hijack this and ran the scan function. Problem is I don't know which things to fix in the log or not, so can anyone help me? I'd really appreciate it.

Here's the log:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\FOLDER\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.download.dir", "C:\\My Documents\\My Pictures");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.history.last_page_visited", "file:///C:/Anime/Naruto/215/naruto_ch215_p19.png");
user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4.1");
user_pref("browser.turbo.showDialog", false);
user_pref("editor.history_title_0", "funny");
user_pref("editor.history_title_1", "link");
user_pref("editor.history_title_2", "Gametrailer Links");
user_pref("editor.history_title_3", "link");
user_pref("editor.history_title_4", "Physad Powers");
user_pref("editor.history_title_5", "");
user_pref("editor.history_title_6", "The Depths Of Purgatory");
user_pref("editor.history_title_7", "dfgh");
use
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.download.dir", "C:\\My Documents\\My Pictures");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.history.last_page_visited", "file:///C:/Anime/Naruto/215/naruto_ch215_p19.png");
user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4.1");
user_pref("browser.turbo.showDialog", false);
user_pref("editor.history_title_0", "funny");
user_pref("editor.history_title_1", "link");
user_pref("editor.history_title_2", "Gametrailer Links");
user_pref("editor.history_title_3", "link");
user_pref("editor.history_title_4", "Physad Powers");
user_pref("editor.history_title_5", "");
user_pref("editor.history_title_6", "The Depths Of Purgatory");
user_pref("editor.history_title_7", "dfgh");
use
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRA~1\SVAPLA~1\SVAPLA~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldling...pword=lingocnet
O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldling...pword=lingocnet
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7582.7456712963
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/View22RTE.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

#2 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 20 May 2004 - 04:55 AM

Could you post the top part of the log?
Rights are never important until you don't have them.

#3 RedSunOfKrypton

RedSunOfKrypton

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 May 2004 - 05:30 AM

Logfile of HijackThis v1.97.7
Scan saved at 5:15:45 PM, on 5/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Oh, and sorry for posting this in the wrong place. My bad :|

#4 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 21 May 2004 - 04:33 AM

You can select the following entries listed below in Hijack This. Then, close all other windows besides Hijack This and click fix checked


Note: If something goes wrong you can undo the changes done by Hijack This. Go to the bottom right hand corner of Hijack This and click on config. Then choose backups.There you can reverse any changes you made.

O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRA~1\SVAPLA~1\SVAPLA~1.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -



Restart the computer and post a new log.
Rights are never important until you don't have them.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button