zzb

I rad HijackThis but how do you post the results?

 

Hi zzbvictim,

Welcome to Wilders!!!

Hijackthis icon & double click it.
The Hijackthis window will open, click the Scan button.
In a little while the scan button will change to Save Log and Fix Checked. DO NOT FIX ANYTHING YET. Click the Save Log button.
A Save Log window will open up, it is a good idea to save your log to the same folder as Hijackthis, so double click on your Hijackthis folder and then click Save.

HTH....

Regards,
Kent

 

thank you. here is my log. I would appreciate it if someone could tell me what to do.

Logfile of HijackThis v1.97.7
Scan saved at 1:46:45 PM, on 3/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {DEDE69C3-E0CE-FFB0-EB46-FCD3FCFB9EEC} - C:\windows\system\cwfgycuo.dll
O2 - BHO: (no name) - {3FB06D2B-CF22-49FD-F3E2-56861BFFB540} - C:\windows\system\wuuvpsmw.dll
O2 - BHO: (no name) - {73CAE36B-8395-F2BD-7023-F9F0EC967A02} - C:\windows\system\jfotgmkn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [Norton Auto-Protect] "C:\PROGRA~1\NORTON~3\NORTON~2\NAVAPW32.EXE /LOADQUIET"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~3\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [FreeRAM XP] "C:\PROGRAM FILES\FRAMXPPRO\FREERAM XP PRO 1.40.EXE" -win
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.3033333333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab

 

Hi zzbvictim,

Welcome to Wilders.

Before you start, please unzip or move HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a temporary folder.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {DEDE69C3-E0CE-FFB0-EB46-FCD3FCFB9EEC} - C:\windows\system\cwfgycuo.dll
O2 - BHO: (no name) - {3FB06D2B-CF22-49FD-F3E2-56861BFFB540} - C:\windows\system\wuuvpsmw.dll
O2 - BHO: (no name) - {73CAE36B-8395-F2BD-7023-F9F0EC967A02} - C:\windows\system\jfotgmkn.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

Then reboot in Safe Mode and delete the following:

C:\windows\system\cwfgycuo.dll
C:\windows\system\wuuvpsmw.dll
C:\windows\system\jfotgmkn.dll

Reboot and then post a fresh HijackThis log.

Regards,
Kent

 

how do you reboot in safe mode?

 

zzbvictim,

To reboot into safe mode.

HTH....

Regards,
Kent

 

new log:

Logfile of HijackThis v1.97.7
Scan saved at 3:44:34 PM, on 3/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\FRAMXPPRO\FREERAM XP PRO 1.40.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\1ST FOLDER EZRA\DOWNLOADS\HIJACKTHIS1977\HIJACKTHIS.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [Norton Auto-Protect] "C:\PROGRA~1\NORTON~3\NORTON~2\NAVAPW32.EXE /LOADQUIET"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~3\NORTON~2\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [FreeRAM XP] "C:\PROGRAM FILES\FRAMXPPRO\FREERAM XP PRO 1.40.EXE" -win
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.3033333333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab

 

zzbvictim,

Your problems should be gone now and everything back to normal...

Regards,
Kent

 

Thanks a lot! You were patient and told me what to do quickly. I have been trying for 3 weeks to solve this problem, and you fixed it! I will recommend your site to anyone who i knows has a problem you might be able to solve. Thanks again; you saved me a few hundred bucks (or more) because my cdrom doesn't work and I cannot reinstall windows (i am working on a very old laptop and cannot get a replacement, lol).

 

Hi zzbvictim,

Thanks for the compliments!!

Wilders is a great site where all the members work together as a team.

I am just glad to have been able to help you.....

Regards,
Kent