Is this HJT Logfile clean ?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
Hi Fella's, I'm a bit suspicious about the "My Web Search" entry here. I can't recall if it's affiliated with "Smiley Central" I wann'a keep the smileys and I don't have the toolbar that was offered. I hav'em hidden. Thanks. (y)
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,296
Where is the HijackThis log? Make sure to post the entire log.

----------------------------------------------------------------

After you download and install the 2 spyware detection-and-removal programs that MFDnSC linked you to, run their update function and get them up-to-date before you run a scan with them. Once they're up-to-date, run a full system scan with Ad-Aware, select and delete everything it finds, run a scan with Spybot, select and delete everything in red it finds, then reboot.

If you post a HijackThis log before you install and run them, you'll want to post another one after you run them.

----------------------------------------------------------------
 

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
Oops, sorry, I've a habit of doing that......Logfile of HijackThis v1.99.1
Scan saved at 3:25:33 PM, on 7/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm801YYUS
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
 

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
What's that ? Are you saying that my AVG7.0 isn't showing up ? well I've had it for over a month now. I also have : Spybot, Adaware, CWShredder, CCleaner, SpywareBlaster, HJT.
 
Joined
Sep 7, 2004
Messages
49,014
No AV showing - make sure you are positing the log in normal not safe mode

Fix this in HiJack

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxdm801YYUS

When you post the log

Open the log in notepad

EDIT - SELECT ALL
EDIT - COPY

Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,296
JoeLo:

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab).

If you have Grisoft AVG Antivirus installed, it will have some entries in the startup list. Make sure that they have a checkmark next to them. The entries will likely start with "avg".

While you're there, remove the checkmark from

loadpowerprofile (both entries)

taskmon.exe

They're not needed and don't need to run in the background.

Click Apply - OK, then reboot.

Run another scan with HijackThis, then post a new log here.

----------------------------------------------------------------
 

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
I'm here fella's. Checked 3 entries of AVLogfile of HijackThis v1.99.1
Scan saved at 10:55:44 AM, on 7/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab

G in startup tab. My latest logfile.....
 
Joined
Sep 7, 2004
Messages
49,014
Clean - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,296
Good! You got Grisoft AVG enabled and running in the background.(y)

You didn't uncheck and disable taskmon.exe and loadpowerprofile(both entries) though.:( They don't need to run in the background.(n)
 

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
Ok, done that. Thanks fellas. Enjoy the rest'o the weekend. (y) :)
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,296
The weekend has been good here. Hurricane Dennis gave us a wide berth, so all we got was plenty of rain and some wind gusts. :)

I do feel sorry for those folks along the north Gulf coast though. They're still recovering from Hurricane Ivan last year. :(
 

JoeLo

Thread Starter
Joined
Jun 12, 2004
Messages
284
Thanks Frank, know what'cha mean, my 2 young ones live in Orlando & although the worst that's happened was losing power for couple days I'm always on the edge 'o my seat up here in NY. I'm always sending them care pckgs. & stuff like lightsticks, batteries, etc.That's a real interesting & adventrous hobby you got there, myself,I can barely stay afloat, I'm like a rock. Just gimm'e an easel & oil paint & I'll produce some wonderful portraits. I have a ? about getting a picture or icon of some kind in my profile here, is that possible ? or do i have'ta be a "Distinguished Member" or something of the sort. :cool: (y)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top