jshapp03

Fix My Hijack This log

21 posts in this topic

Hi, I'm pretty sure there's something wrong on my log here. I just ran the newest versions of Ad-Aware, Spybot, and CWShredder. Each of them found problems. I used Ad-Aware 3 times in a row just now and each time it found something new. Here's my HJT log; please tell me if something's wrong on it too. :unsure:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:11:22 PM, on 6/10/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SA3DSRV.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\WINDOWS\STUTFIX.EXE

C:\WINDOWS\SYSTEM\CPQPSCP.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\PROGRAM FILES\EXCITE\PRVTMSGR\BIN\X8IMPIPE.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\TOOLS_95\IMGICON.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\DESKTOP\JUSTINS THINGS\FIX COMPUTER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe

O4 - HKLM\..\Run: [ZoomTownEXE] d:\autorun\autorun.exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KFWebServer] C:\Program Files\KeyFocus\KFWS\bin\kfwsmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [HC Reminder] hc.exe

O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunServices: [sSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe

O4 - HKCU\..\Run: [soniqueQuickStart] C:\PROGRAM FILES\SONIQUE\sqstart.exe -nostick

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE

O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE

O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\WINDOW~1\MLSET32.EXE

O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Startup: America Online Tray Icon.lnk.disabled

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html

O9 - Extra button: AIM (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20011004...meInstaller.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


Can anyone tell me what needs to be deleted from that log, please? I think it's a homepage hijack because my homepage keeps changing.

Edited by jshapp03


Hi jshapp03,

I have examined your log and can find nothing that would cause you problems. I take it Zoomtown is your ISP? If you have a specific problem, please let me know of it, and get back to me with a fresh logfile here.


Yes, I have a few problems now. Please help.

 

Every once in a while my homepage will keep changing to about:blank. (It will also change to msn.com sometimes, but I think that's only after I run Ad-Aware.)

 

Almost every time I run Ad-Aware it finds about 10-20 things saying possible browser hijack.

 

And every once in a while I can't use certain sites like Google, certain forums, and GeoCities. It will just give me that error page saying page cannot be displayed. The only way I can use those pages is to restart my computer (that works sometimes), or I can use my other browser.

 

----------------------------------------------------------------

 

Logfile of HijackThis v1.97.7

Scan saved at 11:18:21 AM, on 6/14/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SA3DSRV.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\WINDOWS\STUTFIX.EXE

C:\WINDOWS\SYSTEM\CPQPSCP.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\PROGRAM FILES\EXCITE\PRVTMSGR\BIN\X8IMPIPE.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\TOOLS_95\IMGICON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\DESKTOP\JUSTINS THINGS\FIX COMPUTER\HIJACKTHIS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: (no name) - {32367B9E-BD59-11D8-A636-0003D03A0252} - C:\WINDOWS\SYSTEM\DDNCJK.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe

O4 - HKLM\..\Run: [ZoomTownEXE] d:\autorun\autorun.exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KFWebServer] C:\Program Files\KeyFocus\KFWS\bin\kfwsmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [HC Reminder] hc.exe

O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunServices: [sSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe

O4 - HKCU\..\Run: [soniqueQuickStart] C:\PROGRAM FILES\SONIQUE\sqstart.exe -nostick

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE

O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE

O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Startup: America Online Tray Icon.lnk.disabled

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html

O9 - Extra button: AIM (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20011004...meInstaller.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


Hi there jshapp03,

 

I need you to do this first:

 

You are running HijackThis from your desktop. This is not a good idea because when we do a fix, HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar)? Then extract HijackThis into the folder you have created and run it from there. When you have done that, delete the copy of HijackThis that you have on your desktop.

 

Next,

 

Make sure all browsers and windows are closed except for HijackThis, then put a check against the following and click 'fix checked':

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {32367B9E-BD59-11D8-A636-0003D03A0252} - C:\WINDOWS\SYSTEM\DDNCJK.DLL (file missing)

 

Next,

 

Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

 

This may not show,

 

C:\WINDOWS\SYSTEM\DDNCJK.DLL <<<< File

 

 

 

Reboot,

then post a fresh logfile so that I can check to see if it is clean.


OK, I deleted the things in HijackThis and it went back to my normal homepage. Then when I restarted, my homepage went back to about:blank again. And I thought about:blank was supposed to be a blank page... When this thing changes to about:blank it's actually a search engine. It's still messed up :weep:

 

--------------------------------------------

Logfile of HijackThis v1.97.7

Scan saved at 2:33:10 PM, on 6/14/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SA3DSRV.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE

C:\WINDOWS\STUTFIX.EXE

C:\WINDOWS\SYSTEM\CPQPSCP.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\PROGRAM FILES\EXCITE\PRVTMSGR\BIN\X8IMPIPE.EXE

C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\TOOLS_95\IMGICON.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE

C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE

C:\WINDOWS\DESKTOP\JUSTINS THINGS\FIX COMPUTER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: (no name) - {AB3A75F2-BDF2-11D8-A636-00036EDF01A6} - C:\WINDOWS\SYSTEM\BNMN.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe

O4 - HKLM\..\Run: [ZoomTownEXE] d:\autorun\autorun.exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KFWebServer] C:\Program Files\KeyFocus\KFWS\bin\kfwsmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [HC Reminder] hc.exe

O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunServices: [sSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe

O4 - HKCU\..\Run: [soniqueQuickStart] C:\PROGRAM FILES\SONIQUE\sqstart.exe -nostick

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE

O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE

O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Startup: America Online Tray Icon.lnk.disabled

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html

O9 - Extra button: AIM (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20011004...meInstaller.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

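Added example (not part of any post in this thread): a small Python script that diffs two HijackThis logs to show which entries appeared or disappeared between scans, as between the 6/10/04 log and the 2:33 PM 6/14/04 log above. The function names and the review heuristics are assumptions of this example; the sample lines are excerpts copied from those two logs.

```python
import re

# HijackThis entry lines have the shape "<code> - <detail>", where the code
# is a section letter (R, F, N, O) followed by a number: R0, R1, O2, O16...
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpts copied from the 6/10/04 log and the 2:33 PM 6/14/04 log above.
LOG_0610 = r"""
Logfile of HijackThis v1.97.7
Scan saved at 11:11:22 PM, on 6/10/04
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

LOG_0614 = r"""
Logfile of HijackThis v1.97.7
Scan saved at 2:33:10 PM, on 6/14/04
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB3A75F2-BDF2-11D8-A636-00036EDF01A6} - C:\WINDOWS\SYSTEM\BNMN.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""


def parse_entries(log_text):
    """Return the set of (code, detail) entries in a HijackThis log.

    Header lines and the running-process list do not match the
    "<code> - <detail>" shape, so they are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entry lists between two scans, sorted."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return sorted(new - old), sorted(old - new)


def review_hints(entries):
    """Annotate entries a reviewer would look at first.

    The two rules are heuristics chosen for this example, not HijackThis
    features: IE settings that point at a local file, and any BHO entry.
    """
    hints = []
    for code, detail in entries:
        if code in ("R0", "R1") and "file://" in detail.lower():
            hints.append((code, detail, "IE setting points at a local file"))
        elif code == "O2":
            hints.append((code, detail, "Browser Helper Object to verify"))
    return hints


if __name__ == "__main__":
    added, removed = diff_logs(LOG_0610, LOG_0614)
    for code, detail in added:
        print("+", code, "-", detail)
    for code, detail in removed:
        print("-", code, "-", detail)
    for code, detail, why in review_hints(added):
        print("review:", code, "-", detail, "(" + why + ")")
```

Run against the full logs, the unchanged O4, O8 and O16 lines drop out and only the entries that differ between scans remain.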

Hi,

 

Please deal with this first

 

You are still running HijackThis from your desktop. This is not a good idea because when we do a fix, HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar)? Then extract HijackThis into the folder you have created and run it from there. When you have done that, delete the copy of HijackThis that you have on your desktop.


No, it's not on my desktop, it's in a folder.

 

 

It's in a folder that is on my desktop, though.

Edited by jshapp03


Ok,

 

This is at the bottom of the running processes in your logfile:

 

C:\WINDOWS\DESKTOP\JUSTINS THINGS\FIX COMPUTER\HIJACKTHIS.EXE

 

 

I take it there are no backups on your desktop from the fix then?


Yeah, that's because it's a folder that's on my desktop. Is that OK, or should I move it?

No, all the backups went to that folder...

What else should I delete? Because my homepage is still hijacked. It keeps changing to about:blank.

Edited by jshapp03


Please move it first.


You have a CoolWebSearch variant infection which requires special treatment.

 

Download 'Dllfix.exe' from:

 

http://tools.zerosrealm.com/dllfix.exe

 

It is a self-extracting archive; double click on it.

 

IMPORTANT!: Before you run this tool please close ALL running programs and ALL Windows except dllfix.

 

Open the DLLFIX folder and double click on Start.bat.

 

*Note: If your Antivirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.

 

 

At the main menu, press '1' (Run Find-All by FreeAtLast) and enter.

Let the program run.

When finished, Press 'E' to exit.

 

Open the DLLFix folder.

1. Post the contents of Output.txt in this thread.

2. Attach file Windows1.txt to the same post. (Please attach, do not post)


Print the instructions if you can; all programs/windows etc. must be closed before you run the tool.


Apologies!

I will hunt for the 98 fix.


Download: "StartDreck", from here:

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

 

Unzip to its own folder and start the program,

 

Press 'Config'

Press 'Unmark All'

 

Check the following boxes only:

Registry -> Run Keys

System/drivers -> Running processes

Press 'Ok'

 

Press 'Save' and select the location to save the log file

(default is the same folder as the application)

 

Post the log in this thread.
