Help im new to pc


  • This topic is locked
6 replies to this topic

#1 daffy

daffy

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 05:11 AM

Hiya, I'm new to the PC so please be patient. I have an unwanted item called erotica under the tool button. I also had an IQ test there too for ages but that has vanished. I downloaded the spyware and another thingy and it scanned my PC but hasn't got rid of it. Please help me get rid of this as I'm concerned that my children will click on it by accident and it will take them straight to that page.

many thanks
daffy

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 01 July 2004 - 02:42 PM

We need a closer look at what's happening.
Please download Hijack this
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 daffy

daffy

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 03:20 PM

Thanks for getting back to me, hope I did this right, here goes:

Logfile of HijackThis v1.97.7
Scan saved at 21:10:16, on 01/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\pmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\tmostj.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\webshots.scr
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\Program Files\Gearbox Connection Kit\bin\gbdash.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrea\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Samantha\My Documents\WH5_1843003.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [alchem] C:\Documents and Settings\Toddy\Local Settings\Temp\alchem.exe
O4 - HKLM\..\Run: [gqfyxnwmebw] C:\WINDOWS\System32\tmostj.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Andrea\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Erotic (HKLM)
O9 - Extra 'Tools' menuitem: Erotic... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8007.5676851852
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21D757ED-BD92-4F04-AD39-177E9426A5E2}: NameServer = 194.168.4.100 194.168.8.100

Hope this is OK, I'm not sure I did it right.

#4 daffy

daffy

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 03:41 PM

Also, sorry, I forgot to add that when I pressed HijackThis to download, a message came up. It said: "Advanced Malicious application detection system has recognised suspicious characteristics in the file HijackThis.exe downloaded by Internet Explorer. Would you like to delete this file?"
Malicious probability 97%

I clicked no to carry on downloading.

#5 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 01 July 2004 - 06:02 PM

You're doing OK so far.


Have HijackThis fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Samantha\My Documents\WH5_1843003.dll

O4 - HKLM\..\Run: [alchem] C:\Documents and Settings\Toddy\Local Settings\Temp\alchem.exe
O4 - HKLM\..\Run: [gqfyxnwmebw] C:\WINDOWS\System32\tmostj.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Andrea\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe

O9 - Extra 'Tools' menuitem: Erotic... (HKLM)

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab

Reboot and delete:

Files:
All files in the C:\Documents and Settings\Toddy\Local Settings\Temp folder
All files in the C:\Documents and Settings\Andrea\Local Settings\Temp folder
C:\WINDOWS\System32\tmostj.exe

Folders:
C:\PROGRA~1\COMMON~2\VCatch

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
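Added example, not part of the original thread and not HijackThis's or the helper's own method: a first-pass triage of a HijackThis log that parses the "code - body" entry lines and flags O4 autoruns and O2 BHOs loading from a per-user Temp or My Documents folder. The location heuristic is an assumption made for illustration; it catches only some of the entries selected in the post above (for example, not tmostj.exe in System32), so the rest still need a human reviewer.

```python
import re

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Samantha\My Documents\WH5_1843003.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [alchem] C:\Documents and Settings\Toddy\Local Settings\Temp\alchem.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Andrea\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# Entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumption: per-user Temp and My Documents (long or 8.3 names) are treated as
# user-writable locations that autoruns and BHOs rarely load from legitimately.
USER_WRITABLE = re.compile(
    r"\\(local settings|locals~\d)\\temp\\|\\my documents\\", re.I)


def parse(log):
    """Yield (section code, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def triage(log):
    """Return (code, identifier, reason) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse(log):
        if code == "O4":
            m = RUN.match(body)
            if m and USER_WRITABLE.search(m["cmd"]):
                findings.append((code, m["name"], "autorun from user-writable folder"))
        elif code == "O2":
            parts = body.split(" - ")  # "BHO: name", CLSID, DLL path
            if len(parts) == 3 and USER_WRITABLE.search(parts[2]):
                findings.append((code, parts[1], "BHO DLL in user-writable folder"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```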

#6 daffy

daffy

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 06:59 PM

Thanks ever so much, my unwanted item under the tools has gone.
thanks again
daffy

#7 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 July 2004 - 10:27 AM

Glad to help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



