This is ridiculous having to go through all this. The post I reference below, NEVER got posted! So, I'm not going to waste any more time on it until Marlene will let the original post through.

-Clint

----- Original Message -----
From: "Support-OrpheusComputing.com"

Ok, this is Harold's HJT log. You have to refer between this email and my last one for references. I'm going to try it this way--in order to keep the post to 10k, I had to delete all of his post(s) and just leave mine.

-Clint

----- Original Message -----
From: "Support-OrpheusComputing.com"

Wasn't my ISP Harold, it was getting dumped by Google. No, things have only gotten worse. I still have your log and I pasted it below, at the extreme bottom.

Let's take the easy things first. The screen shot I don't recall ever seeing, I guess that's on the newest version. I never knew HJT didn't detect HIJACKS and only "METHODS" as it states! As you can see, mostly benign things will show in the log.

SpyBot's "TeaTimer" is better than SpywareGuard (SWG), so I would keep the TT running and only exe SWG when at "questionable sites". Unlike SpyWareBlaster, SWG MUST be running for it to work.

I had some problems with ID Blaster, so I don't use it anymore (I think it removed some customized settings from Windows). From what I recall, it does NOT have to be running, you just run every once in a while to "null" all Product ID #'s. Now I just use .reg files I created to do this.

I wouldn't concern yourself with AdAware's log. Just tell it to ignore as many things as you can. Most of the things it tags aren't really anything because they are all just MRU type entries (like recent docs, last files opened/played, last d'load directory, address bar, browsing history, etc.). If it finds something bad (as any of them will) it will mark it in red and tell you it's "Critical".

I do see one odd thing in the AdAware log, wmiexe.exe is supposed to be in the 'System32' folder according to M$, yours is in the 'System' folder. It's not running on my PC but I have as many services as possible disabled. It's "Windows Management Instrumentation (WMI)" and I have that set to "Automatic" and it's "Started" on mine (under Services), but it's supposed to load an "svchost" in the ctrl-alt-del Task Manager and that should be running, not any wmiexe.exe. I'd do some searches on it to find out more info. Under my services I don't have the "(WMI)" after mine, so that may mean something.

Like most other logs, most of what HJT finds is benign and you can tell it to ignore most of them so it won't tag them again. You should know this just by looking at them. You can ignore everything in your HJT log (check the boxes to 'ignore') except for these:

"R3 - Default URLSearchHook is missing". I forgot how I fixed this, and if I recall it will also show in SpyBot. SB may tell you more on how to fix it. If not, just do a search on it and you can find the info. It's not that big of a deal, but I would still fix it. I believe if you let HJT fix it, you "lose something", you can always let it fix then put it back if you find out it's needed. I think I had to fix mine with a manual registry edit.

This one: "O2 - BHO: Yahoo! Companion BHO -", and "O3 - Toolbar: 1-Click Answers -", watch out for any of these Yahoo (or Google, etc.) "Toolbar companion" things, they will usually track everything you do online.

This one: "O2 - BHO: AtBHOObj Class - " I'd check into that, I don't like the sound of it. Looks like some type of malware or at least something you don't want. http://www.atomica.com/index.html is their website and it looks pretty suspicious...unless of course you KNOW what it's for and need it. http://www.popupsentry.com/A/AGTBHO.DLL-3557.html . It just doesn't.........'sound right' to me for lack of a better term.

I would never touch ANY KIND of "Messenger" thing (be it Yahoo, M$, MSN, etc.) unless you absolutely MUST have it. I never use any of that. They are loaded with security risks, holes, and the like, so I would consider this. (BTW, the last entry on your log is for Adobe).

When in doubt, just paste any of those file names or DLL's into a search engine and you can get the details on them.

Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.yahoo.com/config/login?.src=geo&.intl=us&.done=http%3a//geocities.yahoo.com/filemanager
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AtBHOObj Class - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTBHO.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRAM FILES\1-CLICK ANSWERS\IETOOLBAR\ANSWERSTOOLBAR.DLL
O3 - Toolbar: HTML Quick Edit - {C420F40F-9AD0-4EC5-BF71-01B8384CD66C} - C:\PROGRAM FILES\QUICK EDIT BAR\HTMLQUICKEDITBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\PROGRAM FILES\WEBSITE-WATCHER\wswie.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\PROGRA~1\FAVORI~1\FAVSEEK.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
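
Added example, not part of the original message and not HijackThis's own code: a small parser for the log format shown above that pulls out the R3/O2/O3 entries the message singles out for review and shows which DLLs are registered under more than one section. The function names and the choice of sections are assumptions made for this sketch; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log quoted in the message above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AtBHOObj Class - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTBHO.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRAM FILES\1-CLICK ANSWERS\IETOOLBAR\ANSWERSTOOLBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
"""

# Every finding starts with a section code such as R3, O2 or O12.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "<kind>: <name> - {CLSID} - <path>", the shape of the O2/O3/O9 lines.
COM_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_hjt(text):
    """Return one dict per finding; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = {"code": m["code"], "body": m["body"],
             "name": None, "clsid": None, "path": None}
        c = COM_ENTRY.match(m["body"])
        if c:
            # CLSIDs appear in mixed case in the log, so normalise them.
            e.update(name=c["name"], clsid=c["clsid"].upper(), path=c["path"])
        entries.append(e)
    return entries

def review_list(entries, codes=("R3", "O2", "O3")):
    """Findings in the sections the message says to look at, not ignore."""
    return [e for e in entries if e["code"] in codes]

def modules_by_path(entries):
    """Map each module path (lower-cased) to the sections that load it."""
    out = defaultdict(set)
    for e in entries:
        if e["path"]:
            out[e["path"].lower()].add(e["code"])
    return dict(out)
```

A path that shows up under both O2 and O3, as the Yahoo! Companion DLL does here, is one component hooking Internet Explorer twice, so it only needs to be researched once.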
