Results 1 to 8 of 8
  1. #1
    Member jaorrock's Avatar
    Join Date
    Dec 2003
    Posts
    28
    Points
    0

    Default HIJACK LOG (HELP!)

    Here is the hijack log:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:42:12 PM, on 6/18/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\VERITAS STORAGEGUARD\SGTRAY.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clickondetroit.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\SYSTEM\IEENHANCER.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\HP CD-Writer\VERITAS StorageGuard\SGTRAY.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\Adstartup.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: ComcastHSI (HKLM)
    O9 - Extra button: Support (HKLM)
    O9 - Extra button: Help (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...114.6398726852
    O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - https://www.shop.intuit.com/commerce...les/ie/IDA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\SYSTEM\IEENHANCER.DLL
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\Adstartup.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun


    In case the files are hidden --- Click here >>> How to Show Hidden/System Files <<<

    Then reboot into >>>safe mode<<< Click Here for instructions find and delete :-

    Any of these files found
    C:\WINDOWS\SYSTEM\Adstartup.exe
    C:\WINDOWS\System\AdUpdater.exe
    C:\WINDOWS\System\adupdmanager.xml
    C:\WINDOWS\System\data.xml
    C:\WINDOWS\System\IEEnhancer.dll

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member jaorrock's Avatar
    Join Date
    Dec 2003
    Posts
    28
    Points
    0

    Default

    Thank you.
    I foundall files listed except the IEEnhancer.dll and delted them. Here's the new log:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:34:50 AM, on 6/20/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\VERITAS STORAGEGUARD\SGTRAY.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clickondetroit.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\HP CD-Writer\VERITAS StorageGuard\SGTRAY.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: ComcastHSI (HKLM)
    O9 - Extra button: Support (HKLM)
    O9 - Extra button: Help (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...114.6398726852
    O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - https://www.shop.intuit.com/commerce...les/ie/IDA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI jaorrock

    Your log's clean now.

    how's the computer running ?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Guest

    Default

    Hello,

    It's running great now Thank you!. One thing I noticed when I visit some websites is just the word [add] where there usually is a picture of something but the picture it doesn't come thru? Any idea on what may be doing this?

    JimD

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Now that's the million dollar question .... there are so many possibilities for this...these are just a few...

    My first thought is that you have an ad blocker in place, but one doesn't show in your log (unless you start it manualy)

    Here's everything I have on the dredded Red X

    1. Go to - View - encoding - select "western european (windows)" repair ie if not sticking

    2. Check that Show Pictures has not been disabled:

    On the Tools menu, click Internet Options\Advanced - scroll down to Multimedia and
    tick " Show Pictures"
    untick "show image placeholders"
    Click OK .

    3. Restore Default Associations for Graphics File Types :

    Go to Folder Options/File Types, and make sure that the following file types are associated by default with Microsoft Internet Explorer (Iexplore.exe):
    ART image (.art)
    GIF image (.gfa, .gif)
    JPEG image (.jfif, .jpe, .jpeg, .jpg)

    4. Install the latest version of "Microsoft Virtual Machine"
    http://java-virtual-machine.net/download.html

    5. It could be caused by your firewall

    6. If some of the images are on adverts and you have "spyblocker" installed - this will not only block some ad's but also show a red X instead of a picture

    7. Of course it could be that the pictures are no longer on the website - could you give an example of website and picture which is not working for you ?

    8." cleaning " your computer may also clear this problem so....
    delete your temporary files.....your temporary internet files.....and clear your ie history

    9. Check out this Microsoft link :-

    Web Page Displays an Image As a Red X or Not at All (Q283807) :-
    http://support.microsoft.com/?kbid=283807

    10. (Thanks to Rollin' Rog) See this Norton link regarding NIS
    http://service1.symantec.com/SUPPORT...3?OpenDocument

    Also try disabling the "privacy" feature, we've seen that cause problems as well...
    http://service1.symantec.com/SUPPORT...e?OpenDocument

    ...I have also heard of many other rare and obscure reasons, which i unfortunately never made a note of.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Guest

    Default

    Hello,

    It was due to the firewall. I had to disable a couple of ad things and now the graphics are all showing up.

    Thanks for everything!

    JimD

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    That's great

    You're very welcome

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -