MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: HJackThis log ,so tired, help DESESPERATELY needed
November 12, 2019, 06:45:49 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 12, 2019, 06:45:49 AM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: HJackThis log ,so tired, help DESESPERATELY needed  (Read 1134 times)
RastaCook
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« on: July 30, 2004, 03:44:02 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: WIN XP PRO SP1
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



IM SICK OF THIS IE PIECE OF ****. I BEG HELP FROM ANYONE
Im using Mozilla now because IE is getting on my nerves.
Is there a way to completely erase IE and re-install it without all the virus/adware/popups/searchpagehack/about:blank/and all the other many annoying stuff.
Who makes this things anyways, im sorry but someone needs to put a bullet in the head of ppl who do stuff like these, computers are already always crashing and wasting our time fixing them. anyways...

Even tho im using Mozilla, I still have that stupid s*xx icon that installs itself once in a while on my desktop, and once in a while ie pops up a window with dialer something saying that it failed or something p*rn site whatever.

I cant change the annoying default homepage search page that shoots popups in my face if i change it it instanly forgets what i put and give me that stupid search page with links to casino p*rn antivirus air travel and whatnot geez.

I tried latest adaware, cwsshreder , stinger, and tons of other free useless programs to get rid , i guess some of it went away but the most annoying stuff is still ... i desesperately need help.
Logfile of HijackThis v1.98.0
Scan saved at 11:22:22 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ieckkpri.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {FD1FCE57-D6CE-4E17-981D-2F6927297B08} - C:\WINDOWS\System32\ddi.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -on
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus2] "d:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [zlcenglbcfo] C:\WINDOWS\System32\ieckkpri.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4780DF5-470B-491F-9B8C-6476709CB176}: NameServer = 206.47.244.79 206.47.244.51
O18 - Filter: text/html - {171A08E1-7E1D-400A-872B-FE934481FC82} - C:\WINDOWS\System32\ddi.dll
O18 - Filter: text/plain - {171A08E1-7E1D-400A-872B-FE934481FC82} - C:\WINDOWS\System32\ddi.dll

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 30, 2004, 05:25:05 AM »

I'll close your other topic, let's stick with this one

Let's try this Rasta,

Access your add/remove programs and remove Twain Tech if there

Set Windows to Show Hidden Files and Folders

Navigate to this file, I can find no info on it
C:\WINDOWS\System32\ieckkpri.exe <--this file

Right click on it----properties---version
Do you know what it is related too?
Could you submit it to Kapersky's for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply use the Browse button to navigate to the file
Right click on it-----Select---Submit
I will assume it is bad for now!

Enter your task manager (Hold down CTRL+SHIFT and tap the ESC key)
End process on this if you can
ieckkpri.exe

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed
Fix the ones Only I ask you too fix, some may return, we'll deal with them later

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\Run: [zlcenglbcfo] C:\WINDOWS\System32\ieckkpri.exe

RESTART your Computer in SAFE MODE

find and delete this file
C:\WINDOWS\System32\ieckkpri.exe <--this file

RESTART back in Normal mode

Open up Notepad (START, run, enter NOTEPAD in the BOX and hit OK).
Copy the CONTENTS of the Quote box to notepad
Now in Notepad select file, save as and enter in the filename box "Appinit.bat" (Use the quotes too) and save it on the desktop.

quote:
Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
chkntfs c: > windows.txt
type windows1.hiv >> windows.txt


Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Upload windows.txt in your next reply----Insert file attachmet

NEXT:
 Download FindnFix

Double click to run FindnFix----It will Install to it's own folder
Find the folder and double-click on !LOG!.bat. Give it time to run and produce a log---- When done post the contents of Log.txt in this thread.
Logged

 
RastaCook
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« Reply #2 on: July 30, 2004, 04:59:53 PM »

hi,
Thank you for thanking the time to help me out i really appreciate it and sorry for the double post ( I am desesperate ).

Im at work and i will do what you suggested when i get home.

However, i just want to add something about notepad... First i didnt understand why notepad wasnt working, then i noticed that everytime i tried to start notepad my computer was slow... and then i noticed that something called over.exe was in task manager and if i ended it my computer was back to normal. So now i use wordpad instead of notepad... i tried a few things that i read on the internet and i never succeeded in fixing notepad.


Also about  http://213.159.117.134/index.php , when i go in my hotmail account to check my mails , before the page finish to load im redirected there, so i have to quickly press stop before im redirected so i can check my mails... really annoying...

Anyways i hope everything will be fixed with your help.
thank you
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: July 31, 2004, 04:17:51 AM »

Set Windows to Show Hidden Files and Folders
Navigate to this folder
C:\WINDOWS\System32\dllcache
Look for Notepad.exe
right click on it and copy it
Navigate to this folder,
C:\WINDOWS\System32
Paste notepad and overwrite if prompted

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 24, 2018, 06:28:36 PM