
Got a minute to check Hijack This log?

Discussion in 'Virus & Other Malware Removal' started by gutie, Sep 11, 2003.

Thread Status:
Not open for further replies.
  1. gutie

    gutie Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    25
    Can you please help me out by looking over my hijack this log and let me know what needs to be removed from it? I am getting a lot of pop ups, search pages and tool bars. Thanks!!

    Logfile of HijackThis v1.96.1
    Scan saved at 12:53:34 PM, on 9/11/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HPMMKBD.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\GATEWAY.NET INSTANT MESSENGER\AIM.EXE
    C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O19 - User stylesheet: c:\windows\java\my.css
     
  2. Fredledingue

    Fredledingue

    Joined:
    Aug 22, 2003
    Messages:
    378
    I can't say what exactly. You can remove all items related to software you don't use.

    Check in "Start" "program" ..."System Information" click "Tools" "configuration utility" "start up" tab and uncheck everything suspect.

    You can also download code stuff starter and do what you want with running/start up apps...

    http://codestuff.mirrorz.com/

    very good freeware!
     
  3. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi gutie,

    Open the Task Manager (Ctrl+Alt+Delete), select processes, click P2P NETWORKING.EXE, click end process. Close Task Manager.

    Close all browser windows, Scan Hijack This, put a check in the following entries and hit fix,

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php

    R3 - Default URLSearchHook is missing

    O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)

    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE

    O19 - User stylesheet: c:\windows\java\my.css


    Shutdown & Reboot your computer in Safe Mode (Tap the F8 key on Reboot, select Safe Mode)

    Delete the following

    C:\WINDOWS\iedll.exe > File
    C:\WINDOWS\LOADER.EXE > File
    C:\windows\java\my.css > File
    C:\WINDOWS\SYSTEM\P2P NETWORKING > Folder

    Shutdown & Normal Reboot

    To prevent the installation and running of Spyware ActiveX controls, download and install SpywareBlaster www.wilderssecurity.net/index.html. Open SpywareBlaster, Click select all, Click Protect Against Checked Items!, Click settings, put a check in only show New/Unprotected items on the protection list after an update, Click save settings, Click check for updates, download all available updated definitions, Click select all, Click protect against checked items.

    Good luck
     
  4. jbredmound

    jbredmound

    Joined:
    Jul 26, 2003
    Messages:
    243
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE (here's the popups)
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...5/Installer.exe


    Are you using Kazaa? If you are, you really need to take some time to find a replacement (including Kazaa Lite). The minute you open Kazaa again, you will have all this junk right back on your machine. Kazaa is only for people who don't care what happens to their computer (it's that bad).

    Open Hijack This, select all of the above entries. Make sure all browser windows are closed. Tell HJT to fix these entries. Reboot.

    At the security forum, first page, there is a post "Security Problems?"... by Chatton. If you are new to Spyware programs, I still recommend Adaware 6.0 (free). Follow his instructions to set it up. Run an update/scan/remove not less than once weekly.

    There is another post, "Security Tools", 1 or 2 posts under Chatton's; spend some time looking at this, as many of us do not know what is available to help us protect ourselves, and so much of it is free.

    I don't think that you will need to post another HJT log after all of this is done, but if you would feel better, feel free.

    By the way, you might want to run a search in the Security Forum for Kazaa; there have been several discussions there, and safe alternatives have been recommended.
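
A small parser for the HijackThis entry lines posted in this thread, added here as an example (it is not part of any post and is not HijackThis's own code). It sorts entries into review buckets: one host written into several IE search/start values, BHO or toolbar entries ending in "(no file)", and Run-key autostarts; the function and bucket names are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# "<code> - <body>", e.g. "O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe"
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")

def parse(log):
    """Return (code, body) for each line shaped like a HijackThis entry."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(entries):
    """Group entries into review buckets; a human still decides what to fix."""
    by_host, orphans, autostart = defaultdict(list), [], []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            host = urlparse(value).hostname  # None for local file paths
            if host:
                by_host[host].append(key.rsplit(",", 1)[-1])
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            orphans.append(body)
        elif code == "O4" and (m := RUN.match(body)):
            autostart.append(m.groups())  # (hive, value name, command)
    # One host written into several IE search/start values is the pattern
    # both helpers in this thread selected for fixing.
    repeated = {h: v for h, v in by_host.items() if len(v) > 1}
    return {"repeated_hosts": repeated, "orphans": orphans,
            "autostart": autostart}

# Excerpt of the log posted in this thread (lines copied from the page).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
O3 - Toolbar: (no name) - {445B5BEA-3311-4C34-98E6-4B8BB9CCC878} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
"""

if __name__ == "__main__":
    for bucket, items in triage(parse(SAMPLE)).items():
        print(bucket, items)
```

The autostart bucket lists every Run entry without a verdict, since the log line alone does not say whether a program is wanted.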
     