|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
10-04-2004, 10:53 AM
|
#1 (permalink) |
|
Registered User
Join Date: Sep 2004
Posts: 5
OS: Win98
|
[B][B]Trusted Start Page][/B]
Hi,
I thought I was on the winning side, but I was wrong. I am not sure whether it is CWS again or sthg similar only. This is my current log from hijack:Logfile of HijackThis v1.98.2 Scan saved at 19:36:28, on 04-10-04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE D:\PROGRAM FILES\PERSONAL FIREWALL 4\KPF4SS.EXE C:\WINDOWS\SYSTEM\MBTFMOGO.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\USBSTORAGE\USBDETECTOR.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE D:\PROGRAM FILES\PERSONAL FIREWALL 4\KPF4GUI.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE D:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [KPF4] D:\Program Files\Personal Firewall 4\kpf4ss.exe O4 - HKLM\..\RunServices: [IPGX32.EXE] C:\WINDOWS\IPGX32.EXE O4 - HKLM\..\RunServices: [DNSCache] C:\WINDOWS\SYSTEM\MBTFMOGO.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = toas O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 193.166.234.15 Every time I open IE http://a-search.biz/?wmid=1010 this page shows up. Any ideas how I could get rid of it? Thx |
|
     
|
|
10-05-2004, 08:56 AM
|
#2 (permalink) |
|
Analyst, Security Team
|
Is that the whole HijackThis log file? I see one or two suspicious files, but want to make sure there aren't others.
Download: StartDreck. Unzip to its own folder and start the program: Press 'Config' Press 'Unmark All' Check the following boxes only: Registry -> Run Keys System/drivers> Running processes Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread. Also, update Internet Explorer to version 6.0 and get the Service Pack for it. It will bring you down eventually since it's so outdated now.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
| Thread Tools | |
|
|
![[B][B]Trusted Start Page][/B]](http://www.techsupportforum.com/cwd/iconimages/hijackthis-log-help/b-b-trusted-start-page-b.gif)
