TechSpot

Hijack This Log File - Help Please

By SadEyes
May 24, 2005
Topic Status:
Not open for further replies.
  1. Attached is the file of my work Hijack this log.
    Can anyone tell me what I need to fix?
    Thanks
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Boot in Safe Mode.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    PSTORES.EXE

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = end
    Unless the IP addresses are from your ISP, fix this second O17 line as well
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.171.20.2

    Now click on the Fix Checked button in HJT.
    When done, delete the highlighted bold file.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    OR WHEREVER 'TEMP' IS LOCATED IN W98.

    Boot normal.
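An added example, not part of the original post or of HijackThis itself: a small Python triage pass over the kinds of entries the reply above selects. The function names, the flagging heuristics and the `isp_dns` allow-list parameter are assumptions made for illustration, and the sample log is constructed from lines quoted in the reply.

```python
import re

# Constructed sample: entries copied from the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.171.20.2
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")  # "O2 - detail"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(log_text):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def review_reasons(section, detail, isp_dns=frozenset()):
    """Reasons an entry deserves a manual look (heuristics assumed here)."""
    reasons = []
    low = detail.lower()
    if section in ("R0", "R1") and "proxyserver" in low and ("localhost" in low or "127.0.0.1" in low):
        reasons.append("IE proxy points at a local listener")
    if section == "O2" and low.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    if section == "O6":
        reasons.append("IE options locked by policy key")
    if section == "O17" and "nameserver" in low:
        unknown = [ip for ip in IPV4.findall(detail) if ip not in isp_dns]
        if unknown:
            reasons.append("DNS servers not in ISP list: " + ", ".join(unknown))
    return reasons

def triage(log_text, isp_dns=frozenset()):
    """Map each flagged entry line to its list of reasons."""
    flagged = {}
    for section, detail in parse(log_text):
        reasons = review_reasons(section, detail, isp_dns)
        if reasons:
            flagged[f"{section} - {detail}"] = reasons
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, "->", "; ".join(reasons))
```

Passing the ISP's resolver addresses as `isp_dns` suppresses the O17 flag, which mirrors the reply's "unless the IP addresses are from your ISP" condition.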
  3. SadEyes

    SadEyes Newcomer, in training Topic Starter

    Hijack this log 2

    I did everything you suggested in the last reply. I did not see a "highlighted bold file" to delete, though.
    Attached is my new HJT log; it is fresh from the restart of the computer after doing the fixes you suggested.
    Is there anything else I need to do?
    This computer keeps saying there isn't a connection to the internet every time I try to delete a file in Windows Explorer, and tries to log on a lot on its own.
    Thanks in advance for the help.
    Sandi
    SadEyes
  4. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    C:\WINDOWS\SYSTEM\PSTORES.EXE

    Your new log is fine.
    You sure this is a WORK-computer?

    You appear to have a rogue dialler.
    Get the 30-day trial version Trojan Horse remover from http://www.simplysup.com/tremover/
  5. SadEyes

    SadEyes Newcomer, in training Topic Starter

    Thanks for the help.
    It is the computer we have at the leather store that I take classes and help out at.
    The store computer, my home computer, a friend's work and home computers, and another friend's 2 home computers all have some crazy virus or adware stuff going on with them and I am trying to figure out what to do with it.

    As far as using trojan remover...the trial period on the work - store computer has expired. Is it a program we should purchase? Can the software be used on more than one computer?

    My home computer is doing that...trying to connect without my wanting it to.

    Is there any other way of getting rid of a rogue virus?

    Thanks for all of your help
    Sandi
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    On that WORK-PC I notice you run 2 AV programs, NAV and AVG.
    Get rid of that NAV-junk and stick with AVG.

    Between you and your friends, you must have passed around a CD or floppy with the same infection. Or you all went to the same LAN-party and picked it up there.
    Look at the different versions available for Trojan Remover. By all means buy it, it's one of the best!

    Read this about rogue diallers:
    http://www.wanadoo.co.uk/help/internetsecurity/roguedialler.htm
  7. SadEyes

    SadEyes Newcomer, in training Topic Starter

    Hijack This Log File - Help Please - Thank you

    I think I have the work/store computer figured out...have to do some rogue dialler research and see what we can do to see if we have one and if so, what we can do with it. But overall it is running faster and acting better.

    Thank you for your help.
    I hope that you don't grow annoyed with my many current computers that are having problems.
    I appreciate your help
    Sandi