Hjt Log Check
#1 rey910

  • Members
  • 27 posts

Posted 21 October 2005 - 07:03 AM

I just acquired this laptop and performed an HJT log. I know it should be in a separate folder to do any fixes, which I will do if there are any fixes to be made. Please review it and suggest any fixes that need to be made. Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:34:44 PM, on 10/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\NETGEAR\WG511V2\WLANCFG5.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\RunOnce: [csunins_us] COMMAND.COM /c erase C:\WINDOWS\csunins_us.exe
O4 - HKLM\..\RunOnce: [csunins] COMMAND.COM /c erase C:\WINDOWS\csunins.exe
O4 - HKLM\..\RunOnce: [share dir] COMMAND.COM /c deltree /y C:\PROGRA~1\COMMON~1\CSSHARE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: NETGEAR WG511v2 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
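An added example, not part of rey910's post or of the BleepingComputer thread: a small Python parser for the HijackThis v1.99.1 log format shown above, with a first-pass triage that picks out the kinds of entries a helper looks at first (an "(no file)" orphan, "(no name)" items that have to be identified by CLSID or path, and RunOnce commands that delete files at the next boot). The triage rules are this example's own heuristics, not HijackThis's or the forum's; a flag is a prompt to identify the item, not a verdict, and the constructed sample log is a subset of the posted lines.

```python
"""Parse a HijackThis v1.99.1 log and triage entries with simple heuristics.

Added example for this thread; the heuristics are the example's own, not
HijackThis's or BleepingComputer's, and the sample log below is constructed
from a subset of the lines in the post above (truncated URLs kept as posted).
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:34:44 PM, on 10/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\RunOnce: [csunins] COMMAND.COM /c erase C:\WINDOWS\csunins.exe
O4 - HKLM\..\RunOnce: [share dir] COMMAND.COM /c deltree /y C:\PROGRA~1\COMMON~1\CSSHARE
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Every HJT entry starts with a section code (R0, O2, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# DOS/Win9x commands that delete files or directories when run from a RunOnce line.
DELETE_CMD_RE = re.compile(r"\b(erase|del|deltree|rd|rmdir)\b", re.IGNORECASE)

Entry = Tuple[str, str]          # (section, body)
Finding = Tuple[str, str, str]   # (section, body, reason)


def parse_hjt(text: str) -> Dict[str, list]:
    """Split a log into header lines, running processes and (section, body) entries."""
    header: List[str] = []
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group("section"), m.group("body")))
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """How many entries of each section type the log contains (R0, O4, O16, ...)."""
    counts: Dict[str, int] = {}
    for section, _ in entries:
        counts[section] = counts.get(section, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a helper would look at first.

    A flag means "identify this item" (by CLSID, path or publisher), not that
    it is malicious: the unnamed O2 BHO in the sample is Spybot's SDHelper.
    """
    findings: List[Finding] = []
    for section, body in entries:
        reasons = []
        if "(no file)" in body:
            reasons.append("orphaned entry: the referenced file is missing")
        if "(no name)" in body:
            reasons.append("unnamed entry: identify it by CLSID or path before acting")
        if section == "O4" and "RunOnce" in body and DELETE_CMD_RE.search(body):
            reasons.append("RunOnce deletes files at next boot: confirm it is an uninstaller leftover")
        if reasons:
            findings.append((section, body, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(count_by_section(parsed["entries"]))
    for section, body, reason in triage(parsed["entries"]):
        print(f"{section}: {body}\n    -> {reason}")
```

Run it against the full log above (paste the joined lines into `SAMPLE_LOG` or read a file) and the O9 "(no file)" button and the three RunOnce erase/deltree lines come out as the first things to identify; the processes and O16 lists are kept separately so the scan header and the downloaded ActiveX controls can be reviewed on their own.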

#2 Horse

  • Malware Study Hall Junior
  • 95 posts
  • Gender: Male
  • Location: Durban, South Africa

Posted 28 October 2005 - 07:21 AM

Hi there and welcome to BC

You have some baddies in your log, so let's run a few tools to begin with.

Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.
_________________________________________________

Please make sure you run the following tool. Download and update the database on the program before running.
For Ad-Aware SE, also install the VX2 Add-on Cleaner. To run this tool once Ad-Aware is updated, click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click OK, then, if something is found, click Clean according to the directions given. Click Close and exit Ad-Aware.
_________________________________________________

Download, install, and update Ewido Security Suite
  • Install Ewido Security Suite
  • Launch Ewido, there will be a big E icon on your desktop which you must double-click.
  • The program will prompt you to update so you need to click the OK button
  • The program will take you to the main screen
You must update Ewido with the latest definition files.
  • On the left hand side of the main screen click Update
  • Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit Ewido.
_________________________________________________

Reboot into Safe Mode by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
_________________________________________________

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - Perform action on all infections. Choose clean then click [OK].
  • Once finished, click the [Save report] button and save the report to your desktop.
Close Ewido.
_________________________________________________

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

*WARNING* Cleanup! deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64-bit Operating System, do NOT run Cleanup! and let me know, as we will need to use another utility.

Click OK, press the CleanUp! button to start the program, and reboot your system in Normal Mode when prompted.
_________________________________________________

Please do an online scan at Panda ActiveScan.

Post the results of the Ewido and Panda scans back here together with a new HJT log.

The Sky is not the limit - there are footprints on the Moon
