

HijackThis log from our spare MMX 200 (Win 98) ... someone analyze it plz!


4 replies to this topic

#1 OFFLINE   Darkman

    Advanced Member

  • Members
  • 171 posts

Posted 20 April 2006 - 05:17 AM

after cleaning this computer somewhat.. - just took the log:
(by the way .. it's on 56 K dial-up)
---
Logfile of HijackThis v1.99.1
Scan saved at 11:53:57 PM, on 19/04/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
C:\PROGRAM FILES\HYPNO\RUNNER.EXE
C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.ca/mi...h/aolcamini.adp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
O4 - Startup: Runner.LNK = C:\Program Files\Hypno\Runner.EXE

....
Have some questions:

1) What are all those .. did AOL stuck them to me:
(copy/paste from above log)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.ca/mi...h/aolcamini.adp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL

Can i just keep:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
(the home page i want basically)
And delete the other 2 above (the R1 ones)?


2) I installed Spybot.. but is it normal to get this one or?
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
needed there or not?

3) I have this one there somehow.. maybe some crap from before.. do i need it . or what is it?
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

4)
Which ones of those i can get rid of there? .. or all are needed:
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
O4 - Startup: Runner.LNK = C:\Program Files\Hypno\Runner.EXE

From those above - that i know and can recognize.. - i WANT to keep:
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
O4 - Startup: Runner.LNK = C:\Program Files\Hypno\Runner.EXE
(want to keep all those)

But those.. do i need them all .. or which one(s) i can get rid of? :
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Thanks in advance...

#2 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 20 April 2006 - 10:27 PM

Hi Darkman

I don't see any problems in the log or anything that needs removing, but maybe other members can suggest things that are not required. The only entry that I wasn't sure about was the Runner.exe file; when I was searching for information I noticed a couple of your earlier logs and the folder was called PSYCH. In this log it's called HYPNO, but I noticed the part where you said it was a screensaver, so it's fine if you trust the program.
This log of yours from last year has a lot of info on the processes and possible fixes.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://www.aol.ca/minisearch/aolcamini.adp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL


These can be fixed to set the search bar to default and remove the Window Title (Close All browser and other windows first except for Hijack This then press the Fix Checked button)


O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

Required for Spybot, and it's normal to show (no name) in the entry

You can click any of the entries below to get more details on them from different sites:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Hope that helps

Andy

#3 OFFLINE   Darkman

    Advanced Member

  • Members
  • 171 posts

Posted 21 April 2006 - 07:22 AM

ya.. Thanks a lot Andy..

Runner is fine.. it's SS Runner (screen saver runner that comes packaged with Psycho, Kine, etc.. )
It's optional.. but i like it.. cuz it can manage / go to / choose .. any screensaver that i like to run, etc .. with a mouse click.. :)

I'll check others.. (entries above) but i think some of them could be outdated.. maybe from previous setup(s), etc...
I'll check though... (your links for them there, etc) :)

I see about Spybot's entry.. ya.. - i will keep it...

as to:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://www.aol.ca/minisearch/aolcamini.adp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL

I will probably end up removing them.. but maybe wait until this , hehe, 3 MONTH FREE AOL internet thingy / offer is over..
(definitely will NOT pay AOL for their internet) ;)
Dial up yet.. lol :)

They just gave it to me / my mom here (at her place).. and it expires in almost full 3 months from now...
So i will wait till then.. and then get rid of those 2 entries...
Let them be for now there.. (for cosmetical reasons if for nothing else) :)

Thanks again.

#4 OFFLINE   Darkman

    Advanced Member

  • Members
  • 171 posts

Posted 23 April 2006 - 06:05 PM

Andy .. and others :)

Since last post.. - Today .. actually just now .. i got rid of the following entries mentioned above... Gone are now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://www.aol.ca/minisearch/aolcamini.adp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL

Also after examining links above (for few items) .. i got rid of those 2 as well:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

....
Computer still works .. lol :)

Thanks.....

Here is my latest log.. after getting rid of those few mentioned above:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:48 PM, on 23/04/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
C:\PROGRAM FILES\HYPNO\RUNNER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
O4 - Startup: Runner.LNK = C:\Program Files\Hypno\Runner.EXE

----
Thanks again...
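
The before/after comparison done by eye in this thread can be checked mechanically. The following is an added example, not part of any post and not HijackThis's own code: a small Python parser that extracts the `R`/`O` entries from two logs and reports what was removed or newly added between scans. The sample logs are constructed from a subset of the entries posted above; the function names and the section labels are assumptions made for illustration.

```python
import re

# Constructed samples: a subset of the entries from the two logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/mra
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKCU\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -CU
"""

# An entry line is "<section code> - <detail>"; header and process lines do not match.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Paraphrased labels for the section codes that appear in this thread.
SECTIONS = {"R0": "IE Start/Search page setting", "R1": "IE Start/Search page setting",
            "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry"}

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse runs of whitespace so copy/paste differences do not matter.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_logs(before, after):
    """Entries that disappeared or newly appeared between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new), "added": sorted(new - old)}

def report(before, after):
    """Human-readable lines, one per changed entry."""
    return [f"{change:8}{code} [{SECTIONS.get(code, 'other')}] {detail}"
            for change, items in diff_logs(before, after).items()
            for code, detail in items]

if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)))
```

An empty `added` list confirms that nothing new registered itself for startup between the two scans; any entry appearing there is the first thing to look up.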

#5 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts

Posted 23 April 2006 - 08:09 PM

Looking Good Darkman,

Happy Surfing :)