Thread ID: 76420 2007-01-31 22:29:00 HiJackThis Log Lurking (218) Press F1
Post ID Timestamp Content User
521254 2007-01-31 22:29:00 Speedy here is the log for wifey's pc:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:03, on 1/02/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RunDLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - c.ancestry.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - security1.norton.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - 66.119.139.74
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - download.mcafee.com
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - www.bitdefender.com
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - www.lizardtech.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - ak.imgfarm.com
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - download.zonelabs.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com

There is a lot on there I don't know anything about.

Sending this from her computer and the only way of connecting is to Install Internet Explorer from windoz explorer.

Should make up a Bat file!

Lurks.
Lurking (218)
521255 2007-01-31 22:49:00 Double post. Stupid thing keeps duplicating my reply. Speedy Gonzales (78)
521256 2007-01-31 22:53:00 Run HJT again, close browsers, tick these entries and tick Fix checked.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - ak.imgfarm.com

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com

It looks like this update

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE can cause probs.

But by the looks of it this entry shouldn't be removed from startup.

But run msconfig and untick the above entry, see if it makes any diff for now.
Speedy Gonzales (78)
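Added example, not part of the thread and not HijackThis code: a small Python parser for the `O<n> - <kind>: ...` lines of a HijackThis log that pulls out the CLSID and target of each entry and lists the ones HijackThis marked `(file missing)`, which is the case for the two O2 entries selected above. The sample lines are copied from the log posted in this thread; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
"""

ENTRY = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_entry(line):
    """Parse one 'O<n> - <kind>: <body>' line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    code, kind, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID.search(body)
    if code == "O4":   # autorun entry: "[value name] command line"
        target = body.partition("] ")[2]
    else:              # other entries end in " - <file or download host>"
        target = body.rsplit(" - ", 1)[-1]
    return {"code": code, "kind": kind, "target": target,
            "clsid": clsid.group(0) if clsid else None, "missing": missing}

def parse_log(text):
    """Return the parsed O-entries, skipping the header and process list."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphaned(entries):
    """Entries marked '(file missing)': the registration is left, the file is gone."""
    return [e for e in entries if e["missing"]]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(Counter(e["code"] for e in entries))   # entries per section
    for e in orphaned(entries):
        print(e["code"], e["clsid"], e["target"])
```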
521257 2007-02-01 00:09:00 Thanks Speedy, that seems to log on better.

This problem can/can't be fixed and it pops up now and again:

IEXPLORE executed an invalid instruction in
module FLASH9B.OCX at 016f:300512e8.
Registers:
EAX=03835410 CS=016f EIP=300512e8 EFLGS=00010246
EBX=00000002 SS=0177 ESP=0064944c EBP=00649480
ECX=03836ec0 DS=0177 ESI=03836f60 FS=0e9f
EDX=00000000 ES=0177 EDI=00000005 GS=0000
Bytes at CS:EIP:
0f 77 8b 46 38 db 80 88 00 00 00 51 db 40 64 51
Stack dump:
006499c4 03836f60 03835950 00000000 41c3ed18 fffffd77 fffffbd7 00000001 00649550 30072e03 006499f8 03836ec8 00000004 00649550 300732f1 03836f60

Thanks again,

Lurks.

Ps. Have to go and visit a 95 year friend this affo.

lurks.
Lurking (218)
521258 2007-02-01 00:15:00 Uninstall adobe flash and reinstall it.

Here (www.adobe.com)
Speedy Gonzales (78)
521259 2007-02-04 22:24:00 Speedy, sorry to be so long in replying, but have uninstalled Adobe a few times and re-installed it and this screen pops up occasionally:

IEXPLORE executed an invalid instruction in
module FLASH9B.OCX at 016f:300512e8.
Registers:
EAX=0392b6d0 CS=016f EIP=300512e8 EFLGS=00210246
EBX=00000002 SS=0177 ESP=0064a0c4 EBP=0064a0f8
ECX=0392da70 DS=0177 ESI=0392db10 FS=0f7f
EDX=302066ec ES=0177 EDI=00000006 GS=0000
Bytes at CS:EIP:
0f 77 8b 46 38 db 80 88 00 00 00 51 db 40 64 51
Stack dump:
03f66430 0392dac4 0392db10 00000000 41a00000 00000000 00000000 00000001 0064ac84 3006bb73 0064ae80 0064abec 00000004 0064ac84 3006bbed 0392b6d0

All googly gok to us.

Will try machine now to see if it will hold onto web sites for wifey, not that she goes into many, mainly card making sites.

Your assistance is much appreciated and you are always there when we need you.

Lurks.
Lurking (218)
521260 2007-02-04 22:51:00 Well, flash is causing the prob, just uninstall it, search for FLASH9B.OCX and delete it, then install it again. Or just don't install flash.

And delete shockwave flash object in C:\WINDOWS\Downloaded Program Files before u reinstall it if u want to use it.
Speedy Gonzales (78)
521261 2007-02-06 18:48:00 Hi Speedy, must have spent too much time away from my answer, as I notice my last reply is not there.

Have uninstalled Adobe as wifey doesn't use internet much, one or two emails from craft sites to Hotmail.

Noticed JetCar flash software on her machine as well.

Regards,

Lurks.
Lurking (218)