Solved: hjt log questions

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
i have some questions about these entries in my hjt log. how do i find what these are doing? can i "fix" these to see what happens? Any suspicious things in the log??? THANKS ......

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O16 - DPF: {11111111-1111-1111-2222-111111111157} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

O9 - Extra button: ZDelete Auto-Cleaner (HKCU)




Logfile of HijackThis v1.97.3
Scan saved at 7:42:31 AM, on 1/23/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [ZE5IECONFIG] regedit.exe /s "{INSTALL_DIR}\MSIE.REG"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ZDelete Auto-Cleaner (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Active Shockwave) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {11111111-1111-1111-2222-111111111157} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
THANK YOU.....GOT THE new log.....:) oh, i found out what the zdelete thing is.....
still get these that i would like to find out how to find out what they are: thanks
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O16 - DPF: {11111111-1111-1111-2222-111111111157} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -


Logfile of HijackThis v1.99.0
Scan saved at 12:27:29 PM, on 1/23/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [ZE5IECONFIG] regedit.exe /s "{INSTALL_DIR}\MSIE.REG"
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {11111111-1111-1111-2222-111111111157} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,578
You can check BHO's here:

http://computercops.biz/bhotb-all.html

The two you mentioned are legit but can be fixed because their files are missing.

The O16's you can check in SpywareBlaster by clicking on Internet Explorer, then right click in the area where the bad entries are shown and select find - then copy the number portion of the O16 entry in the dialog box that opens up then click OK. If it finds it there, then it's bad. There are some entries that are bad that don't show there but it's a guideline. The rest you have to research.

You can get SpywareBlaster here (I'm not sure if 95 supports it though):

http://www.javacoolsoftware.com/spywareblaster.html

Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O13 - WWW. Prefix: http://

O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net

O16 - DPF: {11111111-1111-1111-2222-111111111157} -



Are you running this reg edit file knowingly and intentionally?
O4 - HKLM\..\Run: [ZE5IECONFIG] regedit.exe /s "{INSTALL_DIR}\MSIE.REG"
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
thank you for all your effort...lots of info for me to absorb.....this regedit thing , HKLM\..\Run: [ZE5IECONFIG] regedit.exe /s "{INSTALL_DIR}\MSIE.REG",
is what is showing up as an error message at startup!!!! i didn't recognise the hjt entry as the error message...can i delete that reg key? or just "fix" in hjt???

THANK YOU very much for all your help....


i neither intentionally nor knowingly do anything....:)
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
hjt "fix" took care of the error message ,"regedit----".....thanks again!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,578
You're welcome.

Do a search to see if you can locate that .reg file and if you find it, delete it.

BTW, the other O16 entry you were asking about was from Trend Micro's Housecall on-line scan so legit.

Read here to see how to tighten your security:

http://forums.techguy.org/t208517.html
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
these came back! do i need to do more than just "fix" with hjt???? thanks

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O16 - DPF: {11111111-1111-1111-2222-111111111157}
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,578
Please post the entire Hijack This log.
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
oh, sorry.....here is current ...i deleted the above items today....thanks.....

Logfile of HijackThis v1.99.0
Scan saved at 6:25:48 PM, on 1/30/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O13 - WWW. Prefix: http://
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,578
BTW, those two BHO's are not malicious, one is for Internet Download Manager and the other is for Adobe Acrobat Reader, but their files are missing.

Rescan with Hijack This and have it fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O13 - WWW. Prefix: http://
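
A triage sketch for the two kinds of entry discussed in this thread, O2 lines ending in "(no file)" and O16 lines with nothing after the CLSID, which also reports the ones that reappear in a later scan. It is an added example, not part of the original thread and not HijackThis's own code; the function names are hypothetical, and the sample lines are copied from the logs posted above.

```python
import re

# Excerpts copied from this thread: the 1/23 scan, then the entries that "came back".
SCAN_1 = r"""
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {11111111-1111-1111-2222-111111111157} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
"""
SCAN_2 = r"""
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O16 - DPF: {11111111-1111-1111-2222-111111111157}
"""

# An entry line is "<section> - <body>"; headers and process paths do not match.
ENTRY = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return (section, CLSID or None, body) for every entry line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            c = CLSID.search(m["body"])
            entries.append((m["section"], c.group(0).upper() if c else None, m["body"]))
    return entries

def orphaned(entries):
    """O2 entries whose file is missing and O16 entries with no name or source URL."""
    out = []
    for section, clsid, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            out.append((section, clsid, "registered file is missing"))
        elif section == "O16" and body.rstrip(" -").endswith("}"):
            out.append((section, clsid, "no name or codebase URL recorded"))
    return out

def persisted(before, after):
    """Orphaned entries present in both scans, i.e. a fix that did not stick."""
    still = {(s, c) for s, c, _ in orphaned(after)}
    return [(s, c) for s, c, _ in orphaned(before) if (s, c) in still]

if __name__ == "__main__":
    for section, clsid in persisted(parse(SCAN_1), parse(SCAN_2)):
        print(section, clsid, "reappeared after fix")
```
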
 

barncat

Thread Starter
Joined
Jan 11, 2005
Messages
253
Thank You again....i feel like such a dunce...i read and read, but not much of this computer stuff stays with me....and i must be really out of step when it comes to compatibility with software...i find most programs irritating at best and some popular ones as obnoxious, ie, adobe....if i accidentally click on a pdf link adobe stops my computer while it loads........so, i collect garbage in my computer when i uninstall it.....thank you very much for all the help.....
 