Computer Hope

Microsoft => Microsoft Windows => Windows XP => Topic started by: Fordtruckmaniac on May 31, 2006, 12:09:24 AM

Title: Would someone check my "Highjack This" log file
Post by: Fordtruckmaniac on May 31, 2006, 12:09:24 AM

I just dowloaded Highjack This to the "Desktop" of a computer I am cleaning up for a person.

It does not look complete, compared to others I have seen on here. But this is all that shows  :-?

Have I not done something right?

Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 1:59:41 PM, on 5/31/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Accessories\msmsgs.exe
O9 - Extra 'Tools' menuitem: MS&N Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Accessories\msmsgs.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O12 - Plugin for .flc: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

Title: Re: Would someone check my "Highjack This" log fil
Post by: dl65 on May 31, 2006, 12:32:29 AM

 Fordtruckmaniac....  Your right you have only posted perhaps 1/2 of the log ...... the last entry should be a 023 entry ......... and there are a lot missing in between ..... have another look at the saved log and the rest should be there.

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on May 31, 2006, 12:44:53 AM

I pasted from top to bottom on the log file. ? The actual "results" window on the program was not even filled after running the scan. There is no scrolling down to find more. That is it.

I will go back and look at it again though. I posted from the old computer after I loaded and ran the program.

Thanks,

Title: Re: Would someone check my "Highjack This" log fil
Post by: dl65 on May 31, 2006, 01:00:42 AM

 Fordtruckmaniac....  I just had another look and I realised that its win98SE your using ......... So thats all of it .

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: dl65 on May 31, 2006, 01:06:48 AM

Fordtruckmaniac.......
Mark for removal the following :

O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL    

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL

That should do it ......

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on May 31, 2006, 01:08:28 AM

This is the image I see directly.

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on May 31, 2006, 01:17:32 AM

Oh, I see you wrote while I was grabbing the image to post for you.

The [highlight]Pop This[/highlight] is a pop up blocker I installed on this computer. So go ahead and keep it? So I have it de-crapped pretty good?

This old Proteva had no AV at all. No adware, malware, spyware protection. Nothing!!! It was pretty wrecked. Tons of search this and that crap set in it, worms, trojans.

Thanks much dl65

Quote

Fordtruckmaniac.......
Mark for removal the following :

O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL    

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL

That should do it ......

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: dl65 on May 31, 2006, 01:21:01 AM

 Fordtruckmaniac.....  If POPTHIS is something that is always used then do not mark for removal the two ...... 09 entries ...they are part of POPTHIS.

Yes you have done a good job on that box......

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on May 31, 2006, 09:38:38 PM

dl65

I also was trying to get rid of the Yahoo Messenger.  So could I yank these files as well?


O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL


Thanks,

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on June 02, 2006, 01:00:04 AM

bump

Title: Re: Would someone check my "Highjack This" log fil
Post by: dl65 on June 02, 2006, 01:07:20 AM

 Fordtruckmaniac......  Yes you can do those files as well , but before you do that , go into control panel and use the add/remove programs and remove Yahoo messenger from there and then mark those items for removal in hijackthis .

dl65  ::)

Title: Re: Would someone check my "Highjack This" log fil
Post by: Fordtruckmaniac on June 02, 2006, 02:10:30 AM

Quote

Fordtruckmaniac......  Yes you can do those files as well , but before you do that , go into control panel and use the add/remove programs and remove Yahoo messenger from there and then mark those items for removal in hijackthis .

dl65  ::)

Okay

I had already done that. I was supprised to see it show up in the "Highjack This" log. I had searched for it in the registry too and knocked it out of there as well.

Thanks for the help, dl65