Help with Hijackthis log, please

  furrina 10:11 06 Mar 2004

I've run Hijack this from the latest cover disk but I have no idea what most of it means so I am following the advice in the magazine and posting here
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

  temp003 10:18 06 Mar 2004

Are you having any specific problems?

What about the rest of the log which has startup items and internet settings?

  furrina 10:19 06 Mar 2004

O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\Unknown\HXDL.EXE -from="MANIFEST.DAT" -to="MANIFEST.DAT"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Unknown\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Unknown\Client\HelpExp.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Quick StartUp.lnk = C:\PSURFER\fquick32.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .taf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - click here
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - click here
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - click here

  furrina 10:24 06 Mar 2004

O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - click here
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - click here
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - click here

Sorry - it wouldn't let me put it all in at once.

problems... explorer keeps changing icon size when I scroll (not all the time)
Also it moves into strange non-English fonts and refuses to accept more than one or two characters at a time. And it freezes and a ctrl/alt/delete shows a program called "Quick" running then - ending it unfreezes explorer.

So far I have - run scandisk and it has fixed errors. Deleted things I don't use. defragged. Updated Explorer to the latest version. All to little effect

  Big Elf 10:32 06 Mar 2004

Download, update and run the following

Spybot click here

AdAware click here

  furrina 10:36 06 Mar 2004

forgot to list them in my actions so far.

  Big Elf 11:00 06 Mar 2004

I haven’t tried these myself but they have been recommended by others on the forum:

Trojan Remover click here and

The Cleaner click here

Also SpywareBlaster click here

  temp003 11:06 06 Mar 2004

Searches reveal the following.

GBPOLL.exe is a Trojan.

Processes to do with IP Insight are not exactly spyware. They are probably installed with your ISP software, although they don't really don't do much for you.

Alset related files are adware, tells you when and where to buy print cartridges.

The coupons stuff - are they related to ebay?

Can't find much information about fquick32.exe, but that may be the thing causing you the problem.

  Big Elf 11:07 06 Mar 2004

This might help click here

  temp003 11:29 06 Mar 2004

Sorry, gbpoll.exe may be OK, but it's in the program files folder Wild Life. Thought GoBack should be Roxio or at least Adaptec. Leave it alone first. If you know that this is a program you use, then it's OK.

Close all open applications. Then I would tick the boxes related to Alset, fquick32.exe and the Coupons, in Hijack This, and let it fix. Restart.

Do you use stumbleupon? If so, leave it. If not, tick it and fix as well.

  temp003 11:30 06 Mar 2004

Sorry, has to go. Hope Big Elf and others can help you on. Will check again tomorrow.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Converse's new logo: the trainer brand looks to its heritage for a fresh identity

Mac power user tips and hidden tricks

Comment lancer Windows 10 en mode sans échec ?