1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack Log, Please Check !

Discussion in 'Virus & Other Malware Removal' started by joe2cool, Mar 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. joe2cool

    joe2cool Thread Starter

    Joined:
    Feb 7, 2002
    Messages:
    5,994
    Hi would really appreciate it if someone could check if all looks clear ?

    Thx !


    Logfile of HijackThis v1.97.7
    Scan saved at 16:24:16, on 24/03/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\WASHER\WASHER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MAILWASHER PRO\MAILWASHER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://bt/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
    O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "default"
    O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "default"
    O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37998.2266550926
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,061
    First Name:
    Derek
    fix all the R1 entries

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://bt/
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com


    and then decide who you want as searcha nd start page,

    if you happen to be a strange person who likes supanet sponsored searches OK and the same with NThell as a start page
    other than that it all looks clear
     
  3. joe2cool

    joe2cool Thread Starter

    Joined:
    Feb 7, 2002
    Messages:
    5,994
    Hi & thx,

    Thought everything with supanet was off,

    So the'R's aren't important & safe to fix ?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/214335