Major puter probs, hijack log
Results 1 to 5 of 5

Thread: Major puter probs, hijack log

  1. October 18th, 2003, 02:52 AM #1
    Sleigh Belle
    Sleigh Belle is offline Virtual Med Student
    Join Date
    Oct 2003
    Location
    Canada
    Posts
    1

    Question Major puter probs, hijack log

    I have been having major problems (started with a virus that I quarentined). I try to do a thorough scan disk but it won't complete because there is a program writing to the drive. My puter also takes a long time to start up and is really bogged down when running. I ran the "hijack this" scan for both running processes and start up log. Sorry it's so long but can someone please tell me what I can get rid of here and how? Thanks.

    Logfile of HijackThis v1.97.3
    Scan saved at 2:25:41 AM, on 18/10/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\MSMGT.EXE
    C:\PROGRAM FILES\INKLINE GLOBAL\PC BOOSTER\PCBOOSTER.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.EXE
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [Yahoo HP Reminder 1.0] C:\PROGRAM FILES\YAHOO!\YIP2\HP\ENCWAR\PROGRAM\YR.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.2686921296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O16 - DPF: {828A9ED2-C5BB-4CAA-BCB7-A4CC024AAFD6} - http://www.totalvelocity.com/SpeedBl...terT_3.0.4.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    Reply With Quote Reply With Quote
  2. October 18th, 2003, 01:27 PM #2
    flachebaq
    flachebaq is offline Virtual Resident
    Join Date
    Mar 2001
    Posts
    597
    First thing you need to do is download something like AdAware and clean the SpyWare off your PC. I can tell by a few of the processes that are running on your PC that you have Kazaa. That should get rid of some of the problems.
    Reply With Quote Reply With Quote
  3. October 18th, 2003, 01:49 PM #3
    SuperSparks's Avatar
    SuperSparks
    SuperSparks is offline Friend of Site Staff
    Join Date
    Apr 2000
    Location
    Friern Barnet, London, England
    Posts
    46,565
    Try Spybot as well:

    Spybot S & D

    It looks like you have a Browser Helper Object called "Mywebsearch" which is probably scumware. There is a ton of info on spyware/scumware removal here as well:

    www.spywareinfo.com

    Welcome to VirtualDr BTW
    Nick.
    Reply With Quote Reply With Quote
  4. October 18th, 2003, 03:11 PM #4
    TangZ's Avatar
    TangZ
    TangZ is offline Networking Guru
    Join Date
    Sep 2003
    Location
    Florida
    Posts
    1,494
    Scumware? thats a new one to me...

    please, sparks...elaborate

    what...persay..is scumware
    (being serious, I have no idea what it is)
    .*TaNgZ*.

    **(Outdated)Power Machiene**
    **Tripple Boot System**
    Operating Systems     : Windows 2000 SP4; Windows XP Pro; SuSE Linux 9.1
    CPU : AMD Athlon XP 2700+ (256kb on-die L2 Cache) PDF Data Sheet
    RAM : 2x512 PC3200 modules-88L5HDL0-1RDG
    MOBO : Gigabyte GA-7VAXP Ultra
    HDD : WD800BB (80gig), WD800JB (80gig)
    DVD DRIVE : Sony DRU-500A
    CD DRIVE : AOPEN 52x48x52 CD-RW
    VIDEO : GeForce FX5900 (OC'd to 10MHz below the 5950 Ultra)
    AUDIO : Creative Sound Blaster Audigy 2
    CAPTURE : Conexant Mpeg video capture card
    3D : Direct X 9.0b

    A+ and Net+ Certified (so far)

    Quote of the day
    “Success is never final. Failure is never fatal.” -Winston Churchill

    - - - Recommended Programs - - -
    AdAware - - Spybot Search & Destroy - - Hijack This - - Everest Home Edition

    Want to know if a program is naughty? Go to Sysinfo.org to find out ! !
    Reply With Quote Reply With Quote
  6. October 18th, 2003, 03:37 PM #5
    SuperSparks's Avatar
    SuperSparks
    SuperSparks is offline Friend of Site Staff
    Join Date
    Apr 2000
    Location
    Friern Barnet, London, England
    Posts
    46,565
    It's just a general name given for any kind of malicious software, BHO's that take you to porn sites, diallers that dial half-way round the world and give you a phone bill for several hundred dollars, stuff that changes all your IE preferences and won't let you cahnge them back. That sort of thing.

    I think it was Mike Healan over at Spywareinfo that coined the phrase, or it might have been Fred langa, but it's being used quite a lot now. I think it's a very good word for that %^&$.
    Nick.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules