
wee bit of help needed with analysis of HijackThis Log....

Discussion in 'Malware and Virus Removal Archive' started by geordiesworld, 2005/07/19.

Thread Status:
Not open for further replies.
  1. 2005/07/19
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Hello. Our computer has been slow and very often freezes completely, necessitating hard resets. Despite being on broadband, internet pages are very slow to come through, yet the computer seems busy doing something. So, after much reading of similar posts, I have downloaded and run Spybot 1.4, Lavasoft Ad-aware SE Personal 1.06 and Hijackthis.exe, as is commonly suggested. There is now a significant improvement in the speed of the machine, but I would very much appreciate some analysis of the HijackThis logfile and any details as to how to correct anything further. I still get popups such as netvenda, flash games, adult wallpaper popups and rogue dialer boxes, all of which I want rid of.

    Anyway, here is the logfile from the Hijackthis program :


    Logfile of HijackThis v1.99.1
    Scan saved at 19:36:01, on 19/07/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\EZAUDIO.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
    C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=2323
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.sex-family.net/sherbook/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta
    O4 - HKLM\..\Run: [Gardner] C:\WINDOWS\SYSTEM\Gardner.exe
    O4 - HKLM\..\Run: [ADDIN] C:\WINDOWS\SYSTEM\ADDIN.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ShowIcon_Just Rams_USB Device Driver v1.25r004] "C:\Program Files\USBDRIVE\shwicon.exe" -t "Just Rams\USB Device Driver v1.25r004 "
    O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t "Justrams\USB Product Driver v2.12r012 "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [cmiBk] C:\GWGLEUXK.EXE
    O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton CleanSweep\CSINJECT.EXE
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20000128/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O19 - User stylesheet: (file missing)

    Any help / ideas much appreciated..
    Cheers

    George :)
     
  2. 2005/07/19
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Run HijackThis again, put a check next to the items below and press the Fix button:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sex-family.net/sherbook/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=2323
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.sex-family.net/sherbook/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [Gardner] C:\WINDOWS\SYSTEM\Gardner.exe
    O4 - HKLM\..\Run: [ADDIN] C:\WINDOWS\SYSTEM\ADDIN.exe
    O4 - HKLM\..\Run: [cmiBk] C:\GWGLEUXK.EXE
    O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O19 - User stylesheet: (file missing)

    If virgin.net is NOT your ISP then also put a check next to these:

    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net

    Download and run CWShredder:
    http://www.spywareinfo.com/~merijn/downloads.html

    Reinstall the google toolbar.
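    As an added example (not a tool from this thread, from WindowsBBS or from HijackThis itself), the script below parses log lines of the kind posted above and flags the same sorts of entries TonyT picked out by eye: search and start-page values HijackThis marks as obfuscated, URLs pointing at hosts the user does not recognise, orphaned entries whose file is missing, and O4 autorun items that launch an .hta, use a drive-relative path, or sit directly in the drive root. The sample lines are copied from George's first log; the trusted-host allowlist is an assumption for the demo and would be whatever the user confirms as their own pages.

```python
import re

# Constructed sample: a subset of the log lines from the first post in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.sex-family.net/sherbook/search/search.html
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta
O4 - HKLM\..\Run: [cmiBk] C:\GWGLEUXK.EXE
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
"""

# Assumption for the demo: hosts the user has confirmed as their own start/search pages.
TRUSTED_HOSTS = {"www.google.co.uk", "uk.yahoo.com", "www.virgin.net", "www.bbc.co.uk"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
RUN_RE = re.compile(r"Run(?:Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.IGNORECASE)
URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)


def command_path(cmd):
    """Return the executable part of an O4 command line (handles quoted paths)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line):
    """Return the reasons a HijackThis line deserves a closer look (empty list = nothing noted)."""
    reasons = []
    m = LINE_RE.match(line.strip())
    if not m:
        return reasons
    sec, rest = m.group("sec"), m.group("rest")

    # HijackThis tags values it had to decode; legitimate settings are not stored that way.
    if "(obfuscated)" in rest:
        reasons.append("obfuscated registry value")
    # Entries whose target no longer exists are leftovers worth removing.
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("orphaned entry: referenced file is missing")
    # R0/R1: start page and search hooks should only point at hosts the user recognises.
    if sec in ("R0", "R1"):
        u = URL_RE.search(rest)
        if u and u.group("host").lower() not in TRUSTED_HOSTS:
            reasons.append(f"IE start/search URL points to unrecognised host {u.group('host')}")
    # O4: autorun entries; look at where the launched file lives and what it is.
    if sec == "O4":
        r = RUN_RE.search(rest)
        if r:
            path = command_path(r.group("cmd"))
            low = path.lower()
            base = low.rsplit("\\", 1)[-1]
            if low.endswith(".hta"):
                reasons.append("autorun launches an HTML application (.hta)")
            if path.startswith("\\"):
                reasons.append("autorun uses a drive-relative path")
            if re.fullmatch(r"c:\\[^\\]+\.exe", low):
                reasons.append("executable sitting directly in the drive root")
            if re.fullmatch(r"\d+\.[a-z]+", base):
                reasons.append("purely numeric file name")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons; lines with nothing noted are omitted."""
    findings = {}
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("    ->", reason)
```

    Run against the sample, it flags seven of the eleven lines and leaves the Norton, ScanRegistry and NAV Agent entries alone. The heuristics are deliberately narrow (a .hta in an autorun key, an executable in C:\ root, a path with no drive letter) so that a clean line is rarely flagged; anything it does flag still needs a human to decide whether it is junk or a legitimate oddity, which is exactly the step the helpers in this thread perform.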
     

  4. 2005/07/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi George! Welcome to WindowsBBS! :)

    Since HijackThis does not delete most of the files associated with the entries being fixed, in addition to TonyT's recommendation, please do the following.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Extract the file to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\SYSTEM\Gardner.exe

    Check the box to delete on reboot and click the red X to the right. Click Yes, then NO to the reboot now prompt. Copy the next filepath, paste it in the box, and repeat the above steps. When all of the below filepaths are done, allow it to reboot.

    C:\WINDOWS\SYSTEM\ADDIN.exe
    C:\GWGLEUXK.EXE
    C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE

    After rebooting, please delete the folder ISTSVC in C:\Program Files.
    Open C:\Temp if present, select all and delete.
    Open C:\Windows\temp, select all and delete. You may get a message that something is in use and cannot be deleted, leaving some files in place. Select all again, press and hold Ctrl and click the file named in the message to de-select it, then delete. You may have to repeat, de-selecting other files as well, to get the majority deleted.
    Open the control panel and then Internet options. Delete the Temporary Internet Files, checking the box for offline content.
    Open My Computer, right click Local Disk C: and choose properties. Click Disk Cleanup and check all boxes, then click OK. Wait for it to complete.

    Empty the recycle bin and reboot.

    Then do an online virus scan with Panda ActiveScan. Click the report button when finished, save it and post it here, along with a new HijackThis log.
     
  5. 2005/07/20
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Hi there guys. Thanks for taking the time to help me out here. I have followed your advice and completed all the scans. Here is a list of the files and folders the computer wasn't happy about me deleting from C:\Windows\temp, so they are still there:

    Cookies -(folder)
    History - (folder)
    Temporary Internet Files - (folder)

    3dOUST.exe - (file)
    5xgrLO.exe
    bb.exe
    gPfBNA.exe
    lec2281.tmp
    lec2370.tmp
    lec3252.tmp
    lec3324.tmp
    lec3331.tmp
    lec4260.tmp
    lec5261.tmp
    lec8082.tmp
    lecf314.tmp
    istsv_.exe
    keywordsinc.exe
    Setup!.exe
    setup_wm.exe

    Here is the saved report from Panda Activescan :


    Incident Status Location

    Adware:adware/popuper No disinfected C:\WINDOWS\SYSTEM\msmsgs.exe
    Adware:adware/ncase No disinfected C:\WINDOWS\TEMP\bb.exe
    Spyware:spyware/adclicker No disinfected C:\WINDOWS\help_dcc.dll
    Spyware:spyware/istbar No disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
    Adware:adware/cws No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_BAK
    Adware:Adware/Popuper No disinfected C:\WINDOWS\SYSTEM\msmsgs.exe
    Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\TEMP\bb.exe
    Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\istsv_.exe
    Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\3dOUST.exe
    Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\gPfBNA.exe
    Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\TEMP\5xgrL0.exe
    Adware:Adware/Comet No disinfected C:\Program Files\Norton CleanSweep\Backup\MON5597.BUD[comet.inf]
    Virus:W32/Mydoom.N.worm Disinfected [~000000.txt][readme.scr]
    Virus:JS/Kak.Worm Disinfected Local Folders\Flying Club\Ayroplanes[~000002.@x@]
    Virus:JS/Kak.Worm Disinfected Local Folders\Flying Club\Various[~000002.@x@]
    Virus:JS/Kak.Worm Disinfected Local Folders\George's inbox\newcrops\Book on Himalayan wild fruits.[~000002.@x@]
    Virus:JS/Kak.Worm Disinfected Local Folders\Sent Items\Re: Ayroplanes[~000002.@x@]
    End of Activescan Report. Here is the new Hijackthis logfile :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:20:15, on 20/07/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\EZAUDIO.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
    C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
    C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ShowIcon_Just Rams_USB Device Driver v1.25r004] "C:\Program Files\USBDRIVE\shwicon.exe" -t "Just Rams\USB Device Driver v1.25r004 "
    O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t "Justrams\USB Product Driver v2.12r012 "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton CleanSweep\CSINJECT.EXE
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20000128/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    End of logfile. I can see quite a few changes and the machine is working faster. You guys must be geniuses to work all this out.....!!! :confused:
    Do you think there is anything else needing done? I have noticed the browser starts with "about:blank" now; hope this isn't a problem?

    Again thanks and any further help is much appreciated...

    George
     
  6. 2005/07/20
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Looks clean from here!
    Delete those temp files one at a time until you discover which one(s) Windows is holding on to.

    This may work as well: put this code into Notepad and save it to the desktop as clean_temp.cmd
    Code:
    REM Kill the shell so it releases its locks on files under Temp
    taskkill /f /im explorer.exe
    REM Remove the whole Temp folder and everything in it, without prompting
    RD /S /Q "%UserProfile%\Local Settings\Temp"
    REM Recreate the (now empty) Temp folder
    MD "%UserProfile%\Local Settings\Temp"
    REM Leave the window open so any error message can be read
    pause
    REM Restart the shell
    start explorer.exe
    What it does is shut down explorer.exe, try to delete the entire folder, make a new one and then restart explorer. If it does not work on your system you will see a message displayed telling you why.
     
  7. 2005/07/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Taskkill is an XP Pro file, and the "%UserProfile%\Local Settings\Temp\" path is for XP also. ;)

    Please fix the following entries with HijackThis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\PLUS!\VIRUSCAN\VSHWIN32.EXE

    Reboot to safe mode.

    Delete the following files and folders I have in bold.

    C:\WINDOWS\SYSTEM\msmsgs.exe
    C:\WINDOWS\help_dcc.dll
    C:\PROGRAM FILES\COMMON FILES\Totem Shared <<folder

    Open the Control Panel and uninstall McAfee VirusScan if listed, then delete the following folder.
    C:\PROGRAM FILES\PLUS!\VIRUSCAN

    Open C:\Windows\temp, select all and delete (shouldn't be any problem files/folders now).

    Empty the recycle bin and reboot back into Windows. Create and post a new HijackThis log. Let us know how your computer is behaving.
     
  8. 2005/07/21
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Thanks Tony and Noah. Not sure whether you guys wanted me to use the taskkill file, as we have Windows 98 SE. Tony, if you think it would still be ok then I'll do it. I clicked Yes to All to delete the windows\temp files and folders, although there was still a dialogue box for each of those above warning there may be problems; hopefully it's ok, all seems to be working better. Start up usually takes far longer than I thought it should and the desktop icons appear and disappear about 6 to 7 times in 'invisible squares' (if you catch my drift) before staying. However, in the last reboot back into Windows just there, the icons appeared then disappeared just 3 times. The most annoying thing that often happens is that the screen will just freeze and nothing responds, not even Ctrl-Alt-Delete, so almost every time I have to hard reset. If we have managed to prevent that, I'll run down the high street in my birthday suit....... !! :p

    Anyway, here is the latest hijackthis logfile :

    Logfile of HijackThis v1.99.1
    Scan saved at 12:13:15, on 21/07/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\EZAUDIO.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
    C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
    C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ShowIcon_Just Rams_USB Device Driver v1.25r004] "C:\Program Files\USBDRIVE\shwicon.exe" -t "Just Rams\USB Device Driver v1.25r004 "
    O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t "Justrams\USB Product Driver v2.12r012 "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton CleanSweep\CSINJECT.EXE
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20000128/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    If all ok, can I set up a browser homepage instead of about:blank?

    Cheers

    George
     
  9. 2005/07/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    taskkill is a command, which refers to the file taskkill.exe, which you do not have. So no, don't bother trying to run it. ;)

    Locate the hidden file shelliconcache (believe it's C:\Windows) and rename it shelliconcacheold.

    Reboot to safe mode and run disk cleanup, scandisk and defragment, in that order. When done, if you have some compressed air, shut down and remove the cover, then clean things out good. Restart and let us know how things are working.
     
  10. 2005/07/22
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Hello again. Ran Disk Cleanup, Scandisk and Defrag in safe mode overnight (took 19 hours to defrag!). Gave the inside a good blast, and it was quite disgustingly dusty. Machine seems to be working fine now. No annoying popups yet, but we will wait and see what happens in the next hour or two online..... I guess I should update Spybot, Ad-aware, CWShredder and HijackThis every month, say, and run them as I've done. Would it be wise, if I see the same lines in the HijackThis log as I've deleted here, to just fix them through HijackThis, or is every log slightly different and hence better referred to you guys on a regular basis in case there are any particular problems?

    Again, I'd like to thank you both for your help and the free software, much obliged.
    Have a good weekend !
    Cheers :D :D

    George :)
     
  11. 2005/07/22
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Update your antispyware programs at least weekly.
    If you see the same spyware again, repost here for assistance using other technical resources.
     
  12. 2005/07/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear things are working properly again. :)

    I also recommend you download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry. That will give you some added layers of protection. ;)
     