Hijack This help needed (Thickbloke - can you help?)

Discussion in 'Desktop & Laptop Computers Forum' started by chris_h, May 1, 2005.

  1. chris_h

    I have just built a new PC and already have virus probs.

    Installed F-Secure anti-v 2005 before I even went online. Then got a couple of weird pop-ups saying "critical errors" and the like, and to go to some dodgy site and pay money to have it fixed!

    So came on here and read up on stuff and did the following:

    1) downloaded Microsoft beta program

    2) downloaded Spybot and scanned and restarted PC

    3) downloaded Ad-Aware and scanned.

    And I am still getting probs. Pop-ups every 10 mins. And when I am playing Brothers in Arms it causes the whole game to minimise so I can click okay, and then when I go back into the game the visual settings have all changed and it is really dark, so I have to go into options and reset. Very annoying!!

    Can anyone help??????

    I have just downloaded Hijack This and run it and got the following reading?

    Logfile of HijackThis v1.99.1
    Scan saved at 22:58:34, on 01/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
    C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe

    Does this help anyone diagnose, or do I have to give you more/different info??
     
  2. drummerjohn

    I can't see anything wrong in the log but I need to see the full log - I'm only seeing the running processes, not the IE plugins.

    Are you using a firewall because it sounds like you aren't?

    I would also strongly suggest installing MS SP2 for XP as this had a pop-up blocker.
     
  3. chris_h

    I thought I had a firewall with the F-Secure software, as when I tried to download a firewall it told me that I could not have both it and F-Secure installed?? Is there a firewall you could recommend that would work alongside F-Secure??

    Should I copy and paste all the individual items from the Hijack This scan? (the ones with check boxes beside them)

    Just tried to update from SP1 to SP2 on the MS website but it said I "didn't have copy of windows it expected"?? Is there a special version for SP1 to SP2 rather than v0 to SP2??

    Not having much luck!!!
     
  4. Kamakazie

    Right, I believe this will solve it:

    Right click "My Computer"
    Go to "Manage"
    Expand "Services and Applications"
    Click "Services"
    Find "Messenger"
    Double Click "Messenger"
    Then click the dropdown box for "Startup type" and select "Disabled"
    Click "Apply" and then click "OK"

    Problem should be sorted. Service Pack 2 sets Messenger to disabled automatically, but since you can't update for some reason this fix will serve the same purpose.
     
  5. Kamakazie

    Oh, and if I was you I would clean up your startup programs; you've got a fair few unneeded ones in there like realsched.exe, usbdragdiag.exe and soundman.exe.

    In fact the only things you really want to start up are the antivirus, firewall and any essential programs. If you are uncomfortable with doing it then don't bother, but it will increase the computer's startup speed somewhat.
     
  6. drummerjohn

    ChrisH - give us the full Hijack this log on here.
     
  7. chris_h

    Thanks guys!!

    Is this better below??

    Would be great if someone could tell me what to remove through Hijack This and also what I can safely delete from my start folder.


    Logfile of HijackThis v1.99.1
    Scan saved at 10:01:04, on 02/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
    C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
    C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29d0cc6e63afc64f7023/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114117719703
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBAD3DF-A2C3-49C5-88DE-748FC232EFB5}: NameServer = 195.92.195.95 195.92.195.94
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
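
A way to triage a log like the one posted above, as an added example that is not part of the original thread: it groups HijackThis entries by section code and queues for manual checking the O4 (Run-key autostart) commands that give no full path and the O23 (service) entries for which the log shows "Unknown owner". The function names are hypothetical and the sample is a subset of lines copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] (.*)$")   # "HKLM\..\Run: [name] command"

def parse(log_text):
    """Split a log into (running process paths, {section code: [entry bodies]})."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review_queue(procs, entries):
    """Entries to verify by hand. A hit is a prompt to look, not a verdict."""
    by_name = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    notes = []
    for body in entries.get("O4", []):      # autostart (Run key) entries
        m = RUN.match(body)
        if m and not re.match(r'"?[A-Za-z]:\\', m.group(2)):
            exe = m.group(2).split()[0].lower()
            where = by_name.get(exe, "not among running processes")
            notes.append(("O4", m.group(1), "no full path; " + where))
    for body in entries.get("O23", []):     # Windows services
        parts = body.rsplit(" - ", 2)       # service names may contain " - "
        if len(parts) == 3 and parts[1] == "Unknown owner":
            name = parts[0].replace("Service: ", "", 1)
            notes.append(("O23", name, "no vendor name; check " + parts[2]))
    return notes

if __name__ == "__main__":
    for code, name, why in review_queue(*parse(SAMPLE_LOG)):
        print(f"{code:4} {name}: {why}")
```

On this sample the queue holds two Run entries and two services, all of which belong to drivers or the installed anti-virus in this log; the output narrows what to look up, it does not identify malware.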
     
  8. chris_h

    FYI - I disabled the messenger facility and the warning pop ups are still happening !!
     
  9. Rambles

    I am not familiar with Hijack This but would advise the following course of action:

    Install SP2 and get all windows updates
    Make sure your anti-virus software is good and up to date
    Do a full system scan for anti-virus
    Do a full system scan with Microsoft Anti-Spyware
    Delete any rogue files that are found,
    If still having problems let us know
     
    Last edited: May 29, 2017
  10. chris_h

    Install SP2 and get all windows updates - It wouldn't let me. I tried and it said it "didn't find the version of windows it was expecting??"

    Make sure your anti-virus software is good and up to date - I bought F-Secure 2005 anti-v, which has won various awards, so should be fine??

    Do a full system scan for anti-virus - I have just run a full scan using F-Secure and ......

    Do a full system scan with Microsoft Anti-Spyware - I have done this

    Delete any rogue files that are found
    If still having problems let us know


    FYI - there were 2 files that could not be removed by Spybot but it did not give me details of what they were??

    Can anyone put their finger on this? Let me know if you need any more info?
     
  11. chris_h

    Meant to say "ran scan for viruses and nothing found!" (it hadn't finished when I was typing the email!!)
     
  12. Kamakazie

    Hmmm, well it must be spyware or adware of some sort causing the problem then.


    Download Ad-Aware and Spybot Search & Destroy.
    Use both of them one after the other, delete anything they find.

    These 2 in combination are probably the most effective tools for removing spyware and adware.
    As lisag said, scan with your antivirus software and get SP2 installed.

    A good free firewall is Zone Alarm. A good free anti-virus is AVG Anti-Virus.
    If you're willing to purchase, I've always found PC-Cillin to be fast and effective and just a pretty good all rounder.
     
  13. Kamakazie

    hmmmmmmm

    Perhaps try clearing your System Restore folder then restarting??
    (To do this right click My Computer, Properties, System Restore, turn off System Restore.) You can turn it back on after the restart if you like; I personally never use it so leave it off.
    Not sure if it will help to be honest, some viruses save themselves there so even after deletion when you restart they are restored... but this isn't a virus so it's probably not much use :¬/

    Computers can be a right pain in the arse, can't they.
     
  14. Kamakazie

    Also, what are the Google and Wanadoo toolbars all about? If you don't use them, get rid of them.

    It's not the startup folder that I'd remove stuff from, it's the startup configuration in msconfig.
    All I have on startup is sisUSBrg and 3 programs used by my antivirus. All others like the atiptaxx, dragdiag, soundman and realsched are all off. It depends what you use basically. If you have no problems with the speed of your startup then leave them; don't fiddle if you're unsure of what you want to do.

    Search for XP tweaks on Google for step by step guides to speeding up your computer etc. etc. It's all been covered by people much more qualified than me :p
     
  15. Steve.J.Davies

    Blackviper site has lots of good info.

    Don't use Microsoft browser and email clients.
    Disable Java in your chosen browser.
    Disable unrequested pop-ups in your chosen browser.
    Set up a good Hosts file.
    Consider using a Proxy.
    Besides stopping connections and cookies etc use the proxy to filter/change javascript 'naughties' - assuming you have javascript enabled.

    Setting up and maintaining a Windows system is a non-trivial exercise.
    You can make WIN XP with no service packs secure.

    Beware of the continued unfiltered application of fixes - the state of Windows is such that fixes have unknown consequences (software engineers aplenty have written about this). Once you are stable don't do anything you can't back out.
     
  16. Rambles

    This is odd, and may be the source of your problems,
    Either, dare I say, Microsoft does not like your version of XP.. is it kosher?, or a nasty virus has eaten away some important parts of the OS. With all the messing about you are doing may be as well to bite the bullet and do a clean install.
     
    Last edited: May 29, 2017
