Service Pak 2 and Internet Explorer



#16
Deb227 (Topic Starter)

> How you getting on with the scans?


I've finished with the scans and I am just now going to Hijack this again and send it to you. Hopefully you'll be able to help. Thanks.

#17
Deb227 (Topic Starter)

I am trying to use Hijackthis and when I press the hijack button on the bottom of my screen it says waiting for www.merijn.org.... and nothing happens. What does this mean?
<_<

#18
-=jonnyrotten=- (Retired Staff)

Try downloading it again from the link in my signature and then move the HJT.exe file to a permanent folder like C:\Hjt\hjt.exe or something like that and make a desktop shortcut to it. Then run it again.

-=jonnyrotten=- <_<

#19
Yarnouth (Visiting Staff)

Click on this link for hijack. Your Firefox download manager will appear. Choose save it to disc. Follow the same instructions from before when you have opened it <_<

#20
Deb227 (Topic Starter)

I tried and the same thing came up on the bottom waiting for www.merign.org... then it said done and nothing happened? Remember when telling me to do something I need it spelled out clearly because I'm not the best computer person. Thanks a lot!!!!!!

#21
Yarnouth (Visiting Staff)

OK, now locate your download folder. If you're using Firefox you can click on the tab at the top that's called 'tools' and then 'downloads'. You will see hijack this and from there you can open it. Once hijack this is open you will see the 'scan button'; click on that once. When finished the same button becomes 'save log'; click on this once also. The text you will now see before you is what you need to paste in here for us to read.

#22
Deb227 (Topic Starter)

OK, did this and it tells me that this hijack folder does not exist. What now?

#23
Yarnouth (Visiting Staff)

OK, something we missed maybe. In your Firefox browser, go to 'tools' >>> 'options' >>> 'downloads' >>> and tell me the location of your downloads please.

#24
Deb227 (Topic Starter)

Hey, where the hijackthis is located is in my documents. It went into a notepad. Should I delete it?

#25
Deb227 (Topic Starter)

Here is the hijackthis log. Let me know if something can be done. thanks!!!

Logfile of HijackThis v1.98.2
Scan saved at 10:51:31 AM, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\csuptfn.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\AppPatch\wmsodbc.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: CATLEvents Object - {FD8609EC-7D7C-4778-AB8F-0053245550EF} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cbdosmw.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CCPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\srvfax.exe ren
O4 - Global Startup: CPQ1400P.lnk = C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {2754F965-C95A-47BB-B9FE-BEF46A515C3D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49FDE2A-2F29-460A-870A-B6A021D64A6E}: NameServer = 12.148.201.34 12.148.201.35

#26
Yarnouth (Visiting Staff)

Please put Hijack This in the following folder:
C:\DOCUME~1\HERNAN~1\\HijackThis.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: CATLEvents Object - {FD8609EC-7D7C-4778-AB8F-0053245550EF} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cbdosmw.dat
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
O9 - Extra button: Support - {2754F965-C95A-47BB-B9FE-BEF46A515C3D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409

The following IP is BlackHawk Internet. You tell me you know little about computers, so I doubt you'll know this. If you have no connection with this, have hijack fix these too:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49FDE2A-2F29-460A-870A-B6A021D64A6E}: NameServer = 12.148.201.34 12.148.201.35

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\csuptfn.exe
C:\WINDOWS\AppPatch\wmsodbc.exe
Reboot your PC.

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
    • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<

#27
Deb227 (Topic Starter)

Before I get started, two things. The items within the section that says www.bhawk.net, this is my connection (dial up) to the internet. The company is Blackhawk Internet Communications, Inc. What should I do with those? And I already have Ad-aware on my computer. Shouldn't I have the updated versions already on my computer? Thanks for your help. Let me know before I do this. I'm very nervous but I guess I can't make my computer any worse than it already is. LOL

#28
Yarnouth (Visiting Staff)

> Before I get started, two things...
> Blackhawk Internet Communications, Inc. What should I do with those?

Nothing. It's yours so it's ok.

> Shouldn't I have the updated versions already on my computer?

If you've got it, great! Always check for updates before running.
Ok. Follow these new instructions:
Please put Hijack This in the following folder:
C:\DOCUME~1\HijackThis.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: CATLEvents Object - {FD8609EC-7D7C-4778-AB8F-0053245550EF} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cbdosmw.dat
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
O9 - Extra button: Support - {2754F965-C95A-47BB-B9FE-BEF46A515C3D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409



Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\csuptfn.exe
C:\WINDOWS\AppPatch\wmsodbc.exe
Reboot your PC.

Launch Ad-aware.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
    • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<


#29
Deb227 (Topic Starter)

Hi, I did everything and it was easy because you gave me step by step. Thanks. Here is my new hijack log. Let me know if you see anything else that could be a problem. Thanks again. <_<

Logfile of HijackThis v1.98.2
Scan saved at 7:15:55 PM, on 10/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\fontsvc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cvstnof.dat
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CCPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [*fontsvc] C:\WINDOWS\fontsvc.exe
O4 - HKLM\..\RunOnce: [*fontsvc] C:\WINDOWS\fontsvc.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: CPQ1400P.lnk = C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#30
Yarnouth (Visiting Staff)

I need to check an entry further and may want you to submit the following file:
C:\WINDOWS\fontsvc.exe

Please await further instructions.
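
Added example, not part of any post in this thread: a small Python parser for HijackThis lines that applies two triage rules (a BHO or toolbar with no file, a BHO loading from a Temp directory) and compares the two logs to show which removed entries came back under a new CLSID or file name. The rules and the `shape` comparison are assumptions of this example, inferred from which entries the helper asked to have fixed; the embedded lines are copied from the two logs posted above.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread
# (10/11/2004, before the fix, and 10/14/2004, after it).
LOG_BEFORE = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\gepjlmx.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hugidyxkv] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe
O4 - HKLM\..\RunOnce: [*wmsodbc] C:\WINDOWS\AppPatch\wmsodbc.exe rerun
"""
LOG_AFTER = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_5_5_0.dll
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\cvstnof.dat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [*fontsvc] C:\WINDOWS\fontsvc.exe
O4 - HKLM\..\RunOnce: [*fontsvc] C:\WINDOWS\fontsvc.exe rerun
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2/O3: "<kind>: <name> - {CLSID} - <file>"
COM_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^HK[A-Z]+\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Simplified command-line split: first "<stem>.exe", then the arguments.
CMD_RE = re.compile(r'^"?(?:.*?\\)?(?P<stem>[^\\"]+?)\.exe"?(?P<args>.*)$', re.IGNORECASE)


def parse_log(text):
    """Return one dict per HijackThis entry line (R0, O2, O4, ...)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        entry = {"section": section, "raw": line, "name": None,
                 "clsid": None, "key": None, "target": None}
        if section in ("O2", "O3"):
            detail = COM_RE.match(body)
        elif section == "O4":
            detail = RUN_RE.match(body)
        else:
            detail = None
        if detail:
            entry.update(detail.groupdict())
        entries.append(entry)
    return entries


def triage(entry):
    """Assumed rules, matching the kind of entry the helper chose to fix."""
    reasons = []
    target = (entry["target"] or "").lower()
    if entry["section"] in ("O2", "O3") and target == "(no file)":
        reasons.append("registered component has no file on disk")
    if entry["section"] == "O2" and "\\temp\\" in target:
        reasons.append("BHO loads from a Temp directory")
    return reasons


def shape(entry):
    """Comparison key that ignores what changed between logs (CLSID, file name)."""
    target = entry["target"] or ""
    if entry["section"] in ("O2", "O3"):
        directory = target.rsplit("\\", 1)[0] if "\\" in target else target
        return (entry["section"], entry["name"], directory.lower())
    if entry["section"] == "O4" and entry["key"]:
        m = CMD_RE.match(target)
        stem = m.group("stem").lower() if m else ""
        args = m.group("args").strip() if m else ""
        name = entry["name"].lower()
        if stem and stem in name:
            name = name.replace(stem, "<stem>")  # "*wmsodbc" and "*fontsvc" -> "*<stem>"
        return ("O4", entry["key"], name, args)
    return (entry["section"], entry["raw"])


def recurrences(before, after):
    """Entries new in `after` that have the shape of an entry removed from `before`."""
    before_raw = {e["raw"] for e in before}
    after_raw = {e["raw"] for e in after}
    removed_shapes = {shape(e) for e in before if e["raw"] not in after_raw}
    return [e for e in after
            if e["raw"] not in before_raw and shape(e) in removed_shapes]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in before:
        for reason in triage(e):
            print("FLAG  ", reason, "|", e["raw"])
    for e in recurrences(before, after):
        print("RETURN", e["raw"])
```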