• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
daffy

Help im new to pc

7 posts in this topic

Hiya, im new to the pc so please be patient, i have unwanted item called erotica under the tool button, i also had an IQ test there too for ages but that has vanished, i downloaded the spyware and another thingy and it scanned my pc but hasnt got rid of it. Please help me get rid of this as im concerned that my children will click on it by accident and it will take them straight to that page.

 

many thanks

daffy

Share this post


Link to post
Share on other sites

We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

Thanks for getting back to me, hope i done this right here goes,

 

Logfile of HijackThis v1.97.7

Scan saved at 21:10:16, on 01/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\System32\pmsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\System32\tmostj.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINDOWS\webshots.scr

C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe

C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe

C:\Program Files\Gearbox Connection Kit\bin\gbdash.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Andrea\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/home.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Samantha\My Documents\WH5_1843003.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [alchem] C:\Documents and Settings\Toddy\Local Settings\Temp\alchem.exe

O4 - HKLM\..\Run: [gqfyxnwmebw] C:\WINDOWS\System32\tmostj.exe

O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Andrea\LOCALS~1\Temp\MiniBug.exe 1

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Erotic (HKLM)

O9 - Extra 'Tools' menuitem: Erotic... (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8007.5676851852

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{21D757ED-BD92-4F04-AD39-177E9426A5E2}: NameServer = 194.168.4.100 194.168.8.100

 

Hope this is ok im not sure i done it right

Share this post


Link to post
Share on other sites

Also sorry i forgot to add that when i pressed hijckthis to download it had a message came up it said, Advanced Malicious application detection system, has recognised suspicouis characteristics in the file HijackThis.exe downloaded by internet explorer. Would you like to delete this file.

Malicious probability 97%

 

I clicked no to carry on downloading.

Share this post


Link to post
Share on other sites

You're doing OK so far.

 

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Samantha\My Documents\WH5_1843003.dll

 

O4 - HKLM\..\Run: [alchem] C:\Documents and Settings\Toddy\Local Settings\Temp\alchem.exe

O4 - HKLM\..\Run: [gqfyxnwmebw] C:\WINDOWS\System32\tmostj.exe

O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Andrea\LOCALS~1\Temp\MiniBug.exe 1

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe

 

O9 - Extra 'Tools' menuitem: Erotic... (HKLM)

 

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

Reboot and delete

 

files

All files in the C:\Documents and Settings\Toddy\Local Settings\Temp folder

All files in the C:\Documents and Settings\Andrea\Local Settings\Temp folder

C:\WINDOWS\System32\tmostj.exe

 

folders

C:\PROGRA~1\COMMON~2\VCatch

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Glad to help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0