
Please Check This Log


  • This topic is locked
3 replies to this topic

#1 farmgirl806


Posted 02 March 2007 - 07:15 PM

I am trying to get a windows 98se computer up and running and I was wondering if someone could check this log to make sure it is ok. Thanks so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:55:09 PM, on 3/2/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ICONOID\ICONOID.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Iconoid] "C:\PROGRAM FILES\ICONOID\ICONOID.EXE"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL

#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:51 PM

Posted 09 March 2007 - 02:55 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

During the cleaning process, if any other issues appear, please let us know.
If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 09 March 2007 - 03:49 PM

I don't see an antivirus program or a firewall. These are very critical to safe surfing.

Step 1

An antivirus program is an essential part of computer security and you do not appear to have one running on your system. There are a few available for free that have excellent reputations.

AVG Anti-Virus Free Edition

Avast! 4 Home Edition

AntiVir Personal

Step 2

A firewall is an essential part of computer security and you do not appear to have one running on your system. Do not attempt to run two software firewalls since, like running two antivirus programs, they will possibly cause problems and conflict with each other. There are a few firewalls available for free that appear to be good and easy to use:

Jetico Personal Firewall

NetVeda Safety.Net

Outpost Firewall Free

R‑Firewall

Step 3

Please download Ad-Aware SE Personal Edition.
Please check this link, Using Ad-Aware To Remove Spyware From Your Computer for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 4

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.

Step 5

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can't be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 6

CCleaner is a tool for cleaning temporary files stored on your computer which may help improve performance.
  • Please download CCleaner
  • Starting with v1.27.260, "CCleaner" installs the "Yahoo Toolbar" as an option which IS checked by default during the installation. IF you do NOT want it, REMOVE the check when provided with the option OR download the toolbar free Basic version instead of the Standard Build.
  • Unzip the file to install.
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours.
  • Select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies.
      • Clean all the entries in the Windows Explorer section.
      • Clean all entries in the System section.
      • Clean all entries in the Advanced section.
      • Clean any others that you choose.
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK. CCleaner will scan and clean your system.
  • Click Exit when done.
Do not run it yet.

Step 7

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Now we will address the HijackThis fixes.

These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

exec.exe ( Netzero free ISP and Juno ISP software ) process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

I see that you have related.htm ('Related Links' feature of Internet Explorer) on your computer. The issue is the 'Related Links' feature of Internet Explorer which appears as the 'Tools'/'Show Related Links' menu item (and a corresponding toolbar button if you added it from the 'Customize...' link on the toolbar). If you use that feature, Internet Explorer will contact the Alexa servers, via MSN, to obtain information about other web pages which seem to be related, open an Explorer Bar, and display those (plus adverts and whatnot). Alexa/Show Related Links is just a registry key
  • creating a menu item
  • pointing to a local web page
  • pointing to an MSN search page
  • which redirects to the Alexa web site
All that is 'installed' on your PC is that HTML page [#3], which uses MSN and Alexa, but only if you use it. Check the Alexa web site to see if you think that is a good idea or just to double check that you haven't deliberately or unintentionally installed some of their software. Click here for more information. Some adware/spyware programs will tag related.htm. If you did not intentionally install Alexa software or if you choose to remove it, these are the items to fix in HijackThis:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Using Windows Explorer (My Computer, Windows key+e), search for the following file, and DELETE it (Do not worry if it is not there):

C:\WINDOWS\Web\>>>related.htm<<<

Step 8

Let's run CCleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 9

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of filenames and locations for any files that can't be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
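Added example (not part of the original thread and not HijackThis's own code): the Python script below parses HijackThis entry lines and checks the fix list from post #3 against the scanned log, comparing case-insensitively because the helper's O4 line uses different path casing than the log. The function names, section descriptions and sample strings are this example's own; the sample is a constructed subset of the log in post #1 that omits the 'Tools' menu item line so that the "missing" case is visible.

```python
import re
from collections import defaultdict

# Section codes seen in the log in post #1 (descriptions are this example's wording).
SECTIONS = {
    "R1": "IE start/search page settings", "O2": "Browser Helper Objects",
    "O3": "IE toolbars", "O4": "Autostart entries (Run keys)",
    "O9": "Extra IE buttons / Tools menu items", "O12": "IE plugins",
    "O16": "ActiveX objects", "O20": "Winlogon Notify / AppInit_DLLs",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return {code: [detail, ...]}; process-list and header lines are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def summarize(text):
    """Return {code: (description, entry count)} for a quick overview."""
    return {c: (SECTIONS.get(c, "unknown"), len(d)) for c, d in parse_log(text).items()}

def _norm(code, detail):
    # Windows paths are case-insensitive, so compare case-folded text.
    return code, " ".join(detail.split()).casefold()

def match_fixes(log_text, fix_text):
    """Split the helper's fix lines into (found in log, missing from log)."""
    seen = {_norm(c, d) for c, ds in parse_log(log_text).items() for d in ds}
    found, missing = [], []
    for code, details in parse_log(fix_text).items():
        for d in details:
            (found if _norm(code, d) in seen else missing).append(f"{code} - {d}")
    return found, missing

# Constructed sample: a subset of the log lines from post #1.
SAMPLE_LOG = r"""C:\PROGRAM FILES\NETZERO\EXEC.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
# Fix lines as written in post #3 (note the different path casing in the O4 line).
SAMPLE_FIXES = r"""O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
```

Calling `match_fixes(SAMPLE_LOG, SAMPLE_FIXES)` returns the fix lines that can be ticked in the scan results and those that have no matching entry, which is worth confirming before clicking Fix Checked.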

#4 suebaby41


Posted 26 April 2007 - 02:54 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.