Help with HijackThis Log

slinky

A Very Important Member
Joined
Mar 31, 2004
Messages
211
Gender
Male
HSC
N/A
Hi, this is my HijackThis log. I was wondering if anyone here can tell me what I need to fix or delete. Thank you in advance.

Logfile of HijackThis v1.99.0
Scan saved at 1:25:17 AM, on 7/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINZIP8\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra 'Tools' menuitem: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra button: C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
O9 - Extra 'Tools' menuitem: Send an SMS using C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.ozonline.com.au/toolbox
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O19 - User stylesheet: (file missing)


Once again, thanks for reading and commenting on this thread.
 

jumb

mr jumb
Joined
Jun 24, 2004
Messages
6,184
Gender
Male
HSC
2004
slinky said:
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE

O2 - BHO: (no name) - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra 'Tools' menuitem: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra button: C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
O9 - Extra 'Tools' menuitem: Send an SMS using C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
At least those ones in my opinion, BUT I'd rather you wait for someone to back me up before you delete anything.
 

MedNez

:o>---<
Joined
Aug 21, 2004
Messages
3,004
Gender
Male
HSC
N/A
None of those processes need to be ended. They're Windows services and Task Monitor =)

Place a check next to the following (revised list):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra 'Tools' menuitem: My HotLinks - {6F2F58A0-6924-11d4-923F-0050DA6A66A1} - C:\WINDOWS\Add To My Hotlinks.hotlinks_launch
O9 - Extra button: C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
O9 - Extra 'Tools' menuitem: Send an SMS using C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.ozonline.com.au/toolbox

Then close any IE / Browser windows, and click 'Fix Checked'. Reboot and paste another log.

MedNez
 

sladehk

le random
Joined
Jul 26, 2004
Messages
1,000
Gender
Undisclosed
HSC
2006
I have HijackThis but the log is just too hard to use. I use SpywareGuard & Spybot (much easier to use).
 

slinky

This is my new logfile. Thanks MedNez and jumb for helping me.

Logfile of HijackThis v1.99.0
Scan saved at 10:00:06 PM, on 7/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - C:\PROGRAM FILES\INDENTIX\WINGET\WINIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\Indentix\WinGet\WinIE.dll/300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O19 - User stylesheet: (file missing)

So does it look OK to you?
 

MedNez

O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - C:\PROGRAM FILES\INDENTIX\WINGET\WINIE.DLL
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\Indentix\WinGet\WinIE.dll/300

Keep this if you installed Winget (to be honest download programs like this aren't usually great), otherwise tick and remove.

Other than that, log is clean :)
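
An added example, not part of the original thread and not HijackThis code: the two checks the replies above perform by eye, written as a small Python parser. It flags entries whose target is missing and lists entries that appear only in the later scan; the function names and the trimmed sample logs are constructed for illustration.

```python
import re

# Constructed sample: a few lines taken from the two scans posted in this thread.
FIRST_SCAN = r"""Logfile of HijackThis v1.99.0
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O9 - Extra button: C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\PROGRAM FILES\C-SMS\c-sms.exe (file missing)
"""
SECOND_SCAN = r"""Logfile of HijackThis v1.99.0
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - C:\PROGRAM FILES\INDENTIX\WINGET\WINIE.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\Indentix\WinGet\WinIE.dll/300
"""

# An entry line is a section code (R0, O2, O16, ...) followed by " - " and the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return [(section, body)]; header and running-process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def orphaned(entries):
    """Triage list only: target marked '(no file)' / '(file missing)', or an R value left empty."""
    return [(sec, body) for sec, body in entries
            if body.endswith(("(no file)", "(file missing)"))
            or (sec.startswith("R") and body.endswith("="))]

def new_entries(before, after):
    """Entries present in the later scan but not the earlier one (paths compared case-insensitively)."""
    seen = {(sec, body.lower()) for sec, body in before}
    return [(sec, body) for sec, body in after if (sec, body.lower()) not in seen]

if __name__ == "__main__":
    first, second = parse(FIRST_SCAN), parse(SECOND_SCAN)
    for sec, body in orphaned(first) + new_entries(first, second):
        print(sec, "-", body)
```

A flagged line is a prompt to look at the entry by hand, as the replies do, not a verdict that it should be removed.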
 

slinky

Thanks for your help MedNez, and one final thing: how often do you think I should run HijackThis? Thanks buddy.
 

MedNez

Once every few weeks for a full spyware scan would be appropriate, I think. I do a scan once every fortnight (give or take), and that's fine for me.
 

slinky

Thanks for all the help people, especially MedNez.
 
