HiJackThis Log Look/Read-Over (Resolved)

  1. #1
    SpikedRedBull is offline Valued Member

    Logfile of HijackThis v1.98.2
    Scan saved at 125 AM, on 10/22/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\CARPSERV.EXE
    C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&m...JQ3&N=PLEM&O=A
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spike Valentine
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\PROGRAM FILES\JUNO\TOOLBAR.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - HKCU\..\Run: [INetBooster] C:\PROGRAM FILES\ROBUST\INTERNET BOOSTER\ISPBOS.exe
    O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx

  2. #2
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    Click Fix Checked

    Never come across this entry and can find no reference to it:
    O4 - HKCU\..\Run: [INetBooster] C:\PROGRAM FILES\ROBUST\INTERNET BOOSTER\ISPBOS.exe

  3. #3
    SpikedRedBull is offline Valued Member
    Oh, that will be deleted also. It was a program for dial-up connections to keep your connection from being lost and to speed up transfers a little. It only gave me a little boost, so I uninstalled it.

  4. #4
    SpikedRedBull is offline Valued Member
    Logfile of HijackThis v1.98.2
    Scan saved at 6:11:40 PM, on 10/22/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\CARPSERV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\DOWNLOADS\PROGRAMS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&m...JQ3&N=PLEM&O=A
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spike Valentine
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\PROGRAM FILES\JUNO\TOOLBAR.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [r***ent] C:\PROGRAM FILES\RFA\r***ent.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServicesOnce: [Delete SWAP] "C:\PROGRAM FILES\SYSTEM CLEANER\SCidxdat.exe" /DELETESWAP
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O8 - Extra context menu item: Download All Links with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEExt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx

  5. #5
    owen is offline D-A-L Team Member (UK)
    That's a clean log, how are things running?

  6. #6
    SpikedRedBull is offline Valued Member
    Pretty good for an old piece of SH** Walmart special.

  7. #7
    owen is offline D-A-L Team Member (UK)
    You don't appear to have a firewall. I suggest you install one. Have a read of this:

    Preventing it returning

    After your problem has been resolved on the forum, it is an absolute MUST to do the following steps to prevent the problem returning. Click on the link to get access to the software or webpage that I'm referring to.

    1. Visit Windows Update
    Pay a visit to Windows Update and scan for and download ALL Critical Updates and Service Packs. New updates are usually released monthly so check back to Windows Update every month.

    2. Download Antivirus Software-
    If you haven't already got Antivirus software, you should download and install AVG Antivirus. It is freeware and is updated nearly every 2 days (sometimes more frequently if there are a lot of new viruses) and in my opinion, is better than some Antivirus software such as Norton. Antivirus software will prevent viruses infecting your system and it is important that you update it every two days or every week at the most.

    3. Download a Firewall-
    If you haven't already got a firewall, it is Very important that you download one. Firewalls will prevent unauthorised access to your computer and stop data leaking out of your computer. You may think that it won't happen to you, but Hackers don't care who you are, what you do, where you live or what you had for tea last Sunday on your holiday in the Lake District, they want your data. Firewalls will keep these sneaks out and one of the best is Sygate Personal Firewall, which happens to be freeware.

    4. Spyware Scanners-
    It is important that as well as having real time spyware protection, you have a spyware scanning application. If you have not already been told to download one earlier in this thread, it is a good idea to download Spybot Search And Destroy and Ad-aware. They are both spyware scanners and will search for and remove spyware. It is recommended that you have both, because one will pick up entries that the other misses. It is even a good idea to download these if you have other programs such as ASE, Spysweeper, Pest Patrol, etc, because one spyware scanner will not pick up everything. Please remember to update your spyware scanners weekly/fortnightly.

    5. Prevent Spyware slipping through Internet Explorer-
    Quite a lot of spyware slips through Internet Explorer if your settings are not tight enough. Spyware Blaster will help you prevent spyware slipping through and installing tracking cookies. Simply run it via Start> Programs> Spyware Blaster and click Enable All Protection and it will protect you. It doesn't even have to be open! Remember to update weekly/fortnightly.

    6. Constant Spyware Protection-
    It is important to have constant spyware protection. Spyware Guard works like an antivirus program but detects Spyware instead. It will constantly protect your system. Check for updates monthly.

    All of these steps are very important and it is HIGHLY recommended that you download all of the programs mentioned for your own safety. Remember to update everything (including Windows using Windows Update)! It is also a good idea to perform weekly/fortnightly scans with Spybot S&D, Ad-aware and your antivirus software.

    And last of all, please remember, that common sense is your greatest tool. Without it, spyware and other related Malware would rule!

  8. #8
    SpikedRedBull is offline Valued Member
    The reason I'm not running a firewall is because most of them take too many resources of my computer. I barely have enough to run antivirus and SBS&D and my internet software.

  9. #9
    owen is offline D-A-L Team Member (UK)
    What are your system specs?

    Post a D-A-L Online Hardware Scan report...

    http://www.d-a-l.com/hardware-scan.php

  10. #10
    SpikedRedBull is offline Valued Member
    OS Information:
    Property Value
    OS Name Microsoft Windows ME|C:\WINDOWS|
    Service Pack .
    OS Manufacturer Microsoft Corporation
    Windows Directory C:\WINDOWS


    Processor:
    Property Value
    Current Clock Speed 768
    Description Intel(r) Celeron(tm) processor
    Manufacturer GenuineIntel
    Name Intel Celeron processor


    Memory (RAM):
    Property Value
    Total Memory Deteced in Hardware: ~0 MB
    Memory Reported to Operating System: 190MB

    Disk Drives:
    Property Value
    Description GENERIC IDE DISK TYPE01
    Manufacturer (Standard disk drives)
    Model IDE DISK TYPE01
    Media Type Fixed hard disk media
    Size 20020396032 (~19 GB)
    Number of Partitions 1


    Installed Printers:
    Property Value
    Name QuickLink III
    Port Name COM1:
    Driver Name QuickLink III


    Motherboard:
    Property Value
    Manufacturer Asus
    Model
    Name Base Board
    Part Number
    Product CUW-AM/MEW-AM
    Serial Number xxxxxxxxxxxx
    Version 2.06


    BIOS:
    Property Value
    Manufacturer Phoenix Technologies LTD
    Name Default System BIOS
    Release Date 19010306******.******+***
    Version EPP revision 9.00


    Monitor:
    Property Value
    Description Default Monitor
    Name Default Monitor
    Screen Height
    Screen Width

    Description Default Monitor
    Name Default Monitor
    Screen Height
    Screen Width


    Keyboard:
    Property Value
    Description Standard 101/102-Key or Microsoft Natural Keyboard


    Pointing Device:
    Property Value
    Manufacturer Browser Mouse
    Name PS/2 Port Mouse


    Sound Card:
    Property Value
    Manufacturer Crystal Semiconductor Corporation
    Description Audio for Crystal WDM Audio Codec
    Device ID PCI\VEN_8086&DEV_2415&SUBSYS_56438086&REV_02\BUS_00&DEV_1F&FUNC_05

    Manufacturer Microsoft
    Description Audio for Unimodem Half Duplex Wave Device
    Device ID MODEMWAVE\ROCKWELLVOICEMODEMWAVE\CXT&VEN_14F1&DEV_2F00&SUBSYS_200514F1&WDMMDM0

    Manufacturer
    Description Audio for USB Audio Device
    Device ID USB\VID_147A&PID_0100&MI_00\0000USB&VID_147A&PID_0100&INST_0


    Video Card:
    Property Value
    Adapter Compatibility Intel Corporation
    Adapter RAM
    Description Intel(R) 82810 Graphics Controller
    Installed Display Drivers i81xdw9x.drv
    Driver Version 4.0
    Driver Date 8/7/2000 5:00:00 PM
    Video Mode Description

    Adapter Compatibility NVIDIA
    Adapter RAM
    Description NVIDIA GeForce4 MX 440
    Installed Display Drivers nvdisp.drv
    Driver Version 4.0
    Driver Date 7/11/2004 5:00:00 PM
    Video Mode Description


    DirectX Installation:
    Property Value
    Version 6.01.09.0727


    Modem:
    Property Value
    Model Generic SoftK56 Data Fax Voice CARP
    Name unimodem.vxd


    Network Adapters:
    Property Value
    Description PPP Adapter.

    External Ports:
    Property Value

    Expansion Slots:
    Property Value

Closed Thread