Got a minute to check Hijack This log?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

gutie

Thread Starter
Joined
Aug 21, 2003
Messages
25
Can you please help me out by looking over my hijack this log and let me know what needs to be removed from it? I am getting a lot of pop ups, search pages and tool bars. Thanks!!

Logfile of HijackThis v1.96.1
Scan saved at 12:53:34 PM, on 9/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPMMKBD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\GATEWAY.NET INSTANT MESSENGER\AIM.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O19 - User stylesheet: c:\windows\java\my.css
 
Joined
Aug 22, 2003
Messages
378
I can't say what exactly. You can remove all items related to software you don't use.

Check in "Start" "program" ..."System Information" click "Tools" "configuration utility" "start up" tab and uncheck everything suspect.

You can also download code stuff starter and do what you want with running/start up apps...

http://codestuff.mirrorz.com/

very good freeware!
 
Joined
Jul 24, 2003
Messages
420
Hi gutie,

Open the Task Manager (Ctrl+Alt+Delete), select processes, click P2P NETWORKING.EXE, click end process. Close Task Manager.

Close all browser windows, Scan Hijack This, put a check in the following entries and hit fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE

O19 - User stylesheet: c:\windows\java\my.css


Shutdown & Reboot your computer in Safe Mode (tap the F8 key on Reboot, select Safe Mode)

Delete the following

C:\WINDOWS\iedll.exe > File
C:\WINDOWS\LOADER.EXE > File
C:\windows\java\my.css > File
C:\WINDOWS\SYSTEM\P2P NETWORKING > Folder

Shutdown & Normal Reboot

To prevent the installation and running of Spyware active X controls download and install SpywareBlaster www.wilderssecurity.net/index.html. Open SpywareBlaster, Click select all, Click Protect Against Checked Items!, Click settings, put a check in only show New/Unprotected items on the protection list after an update, Click save settings, Click check for updates, download all available updated definitions, Click select all, Click protect against checked items.

Good luck
 
Joined
Jul 26, 2003
Messages
243
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE (here's the popups)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...5/Installer.exe


Are you using Kazaa? If you are, you really need to take some time to find a replacement (including Kazaa Lite). The minute you open Kazaa again, you will have all this junk right back on your machine. Kazaa is only for people who don't care what happens to their computer (it's that bad).

Open Hijack This, select all of the above entries. Make sure all browser windows are closed. Tell HJT to fix these entries. Reboot.

At the security forum, first page, there is a post "Security Problems?"... by Chatton. If you are new to Spyware programs, I still recommend Adaware 6.0 (free). Follow his instructions to set it up. Run an update/scan/remove not less than once weekly.

There is another post, "Security Tools", 1 or 2 posts under Chatton's; spend some time looking at this, as many of us do not know what is available to help us protect ourselves, and so much of it is free.

I don't think that you will need to post another HJT log after all of this is done, but if you would feel better, feel free.

By the way, you might want to run a search in the Security Forum for Kazaa; there have been several discussions there, and safe alternatives have been recommended.
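
The triage the helpers in this thread did by eye can be sketched in code. This is an added example, not part of any post above and not HijackThis's own code: it parses the log format into section codes, groups the IE settings by the host they point at, lists the Run entries and picks out `(no file)` toolbar/BHO entries. The function names and regular expressions are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse
# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.96.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")                # section code, then detail
REG_VALUE = re.compile(r"^(HK\w+\\[^,]+),(.+?) = (.+)$")     # key,value name = data
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # hive, key, name, command

def parse_log(text):
    """Return {section code: [detail, ...]}, skipping header and process lines."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def ie_settings_by_host(sections):
    """Group R0/R1 registry values by the host their URL points at."""
    hosts = defaultdict(list)
    for code in ("R0", "R1"):
        for detail in sections.get(code, []):
            m = REG_VALUE.match(detail)
            if m and m.group(3).lower().startswith("http"):
                hosts[urlparse(m.group(3)).hostname].append(m.group(2))
    return dict(hosts)

def autoruns(sections):
    """Return (hive, value name, command) for every O4 Run entry."""
    return [(m.group(1), m.group(3), m.group(4))
            for m in map(RUN.match, sections.get("O4", [])) if m]

def orphaned(sections):
    """O2/O3 entries whose file is gone: HijackThis prints '(no file)'."""
    return [d for c in ("O2", "O3") for d in sections.get(c, []) if d.endswith("(no file)")]

if __name__ == "__main__":
    print(ie_settings_by_host(parse_log(SAMPLE_LOG)))
```

A host that appears under several search-related values at once, as one does in this log, is the pattern the replies above picked out for fixing.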
 