Is this Hijack log clean now?

Expand Post »

Have run Adaware and Spybot S&D, but just to make sure (Thanx for helping out)

:

Logfile of HijackThis v1.97.7

Scan saved at 22:50:48, on 06.04.04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOGWAT95.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=2567500

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blinkpro.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Pro\Search Bar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [MDTOOL] c:\program files\mobile disk o21\mdtools.exe sys_auto_run C:\Program Files\Mobile Disk O21

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.EXE" Startup

O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

O4 - HKCU\..\Run: [quicken] C:\WINDOWS\QUICKEN.EXE

O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - User Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Advanced Email Extractor - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR\AEEMSIE.DLL/page.html

O8 - Extra context menu item: Scan link with AEE - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR\AEEMSIE.DLL/link.html

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Email Extractor (HKCU)

O9 - Extra 'Tools' menuitem: Advanced Email Extractor (HKCU)

O12 - Plugin for .swf: C:\PROGRA~1\INTERN~1\PLUGINS\NPSWF32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/no/de.../GoogleNav.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Similar Threads

hijack this log in Viruses, Spyware and other Nasties
IE Opens by itself (hijack log included) in Viruses, Spyware and other Nasties
Found Virus..Can't get rid of it. (hijack log included) in Viruses, Spyware and other Nasties
Windows program closing automatically on opening- HIJACK LOG posted in Viruses, Spyware and other Nasties
spywaregaurd found problem-hijack log in Viruses, Spyware and other Nasties

ArveK

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Apr 2004

Permalink

Apr 6th, 2004

Re: Is this Hijack log clean now?

Quote originally posted by ArveK ...

Have run Adaware and Spybot S&D, but just to make sure

No, a few things are left behind--or you have been hit again. Remove these keys:

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=2567500

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blinkpro.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Pro\Search Bar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe

These two are resource wasters, and not needed:

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

After a reboot, find and remove these files:

C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

C:\WINDOWS\iedll.exe

That should do it.

TallCool1

Team Colleague

Reputation Points: 149

Solved Threads: 45

Practically a Posting Shark

Offline

865 posts
since May 2003

Permalink

Apr 7th, 2004

Re: Is this Hijack log clean now?

Thanx for great help! Ive done all the removals except the iedll.exe which i couldnt find (even with show hidden files), so i guess its been removed by SpyBot/AdAware and just the reference to it stayed behind. Else i deleted the complete MyWay folder (dont know what that was and i certainly dont want it).

Again thanx for your time, this forum is the best!!!:cheesy:

ArveK

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Apr 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Missing Shortcuts on Startup (With Hijack Log)

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: I've been hijacked, please help !

DaniWeb Message

Cancel Changes

User Name
Password