
HijackThis Log

Discussion in 'Security and Privacy' started by Rockit, 2004/09/12.

Thread Status:
Not open for further replies.
  1. 2004/09/12
    Rockit

    Rockit Inactive Thread Starter

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Hey,
    Can one of you experts tell me what's the verdict with this? Do you just run it or is there something like running it on startup I need to do?

    Thanks
    Rockit

    Logfile of HijackThis v1.98.2
    Scan saved at 4:44:07 PM, on 9/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Internet\Trillian\trillian.exe
    C:\Internet\Avant Browser\iexplore.exe
    C:\Internet\Misc\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Internet\IE Privacy Keeper\IEPKbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O8 - Extra context menu item: Add to AD Black List - C:\Internet\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Internet\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Internet\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Internet\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Internet\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe
    O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) -
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) -
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EAC102-9E2E-48FD-B573-0FB43FF850E8}: NameServer = 209.172.0.5 209.172.0.8
     
  2. 2004/09/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix. Note** you may need to temporarily disable Spybot's TeaTimer for changes to take effect.

    R3 - Default URLSearchHook is missing
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) -
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) -
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} -

    See the following link for removal instructions of ClearSearch (the BHO entry)

    http://www.pestpatrol.com/PestInfo/c/clearsearch.asp

    The following BHO entry is for Spybot's SD Helper, which may have been disabled (file missing) by some nasty. Open Spybot and remove the SD Helper protection, then reapply after rebooting.

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

    Suggest you also visit the Sun Java website and update your JRE to version 1.4.2_05 (think that's the latest)

    Reboot when completed and post a new HJT log.
     


  4. 2004/09/13
    Rockit

    Rockit Inactive Thread Starter

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Hey Dave,
    Thanks a lot for your help!! What would a person need to do to be able to interpret these logs? I think if I just lurk around and watch what you all come up with I may be able to pick it up. Also, if you don't mind, I have a question about my antivirus software. Do you think I should look into a different program? I notice a lot of people on this board use AVG. I'm not sure but I don't think the FProt scans incoming email. Again, thanks for your insight. Here's what I got now..
    Rockit

    Logfile of HijackThis v1.98.2
    Scan saved at 8:31:15 AM, on 9/13/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Internet\SpywareGuard\sgmain.exe
    C:\Internet\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Internet\Misc\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Internet\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Internet\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Internet\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [SpywareGuard] C:\Internet\SpywareGuard\sgmain.exe
     
  5. 2004/09/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks clean. :) Also suggest you open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Check for updates weekly. Still in Spybot, click tools in the left pane, then click IE tweaks and at least lock the HOSTS file. Then download and install IESpyads.

    That will give you an added layer of protection against unwanted parasites.

    As far as learning to interpret log files, in addition to a tutorial, a LOT of lurking and Googling is necessary.

    AVG is good, and does scan incoming email, AND the price is right. However, I use and recommend eTrust. Available with or without a firewall, it's what 99% of Fortune 500 companies use. If you ordered the update cd from MS early this year, it came with a free-for-a-year cd for eTrust. Looks like the link above has a free trial good until Feb 05. ;)
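
An added example, not part of any post in this thread: a small parser that compares the first and second HijackThis logs above and reports which section entries were removed, added, or changed by the fix. The function names and the choice to key entries on their CLSID are assumptions of this sketch; the sample lines are excerpted from the two posted logs.

```python
import re

# Excerpts from the two logs posted in this thread (first scan, then rescan).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
"""
AFTER = r"""Logfile of HijackThis v1.98.2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Internet\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [SpywareGuard] C:\Internet\SpywareGuard\sgmain.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Yield section entries; header and running-process lines do not match."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.groups()
            guid = CLSID.search(body)
            yield {"code": code, "body": body,
                   "clsid": guid.group(0).upper() if guid else None}

def index(log):
    # Key on the CLSID when present so a changed file path is still one object.
    return {(e["code"], e["clsid"] or e["body"]): e["body"] for e in parse(log)}

def diff(before, after):
    b, a = index(before), index(after)
    return {"removed": sorted(b[k] for k in b.keys() - a.keys()),
            "added": sorted(a[k] for k in a.keys() - b.keys()),
            "changed": sorted((b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k])}

def dangling(log):
    """Entries whose last field is '(no file)' or empty after the final dash."""
    return [e for e in parse(log) if e["body"].endswith(("(no file)", " -"))]

if __name__ == "__main__":
    for kind, items in diff(BEFORE, AFTER).items():
        for item in items:
            print(kind, "|", item)
    print("dangling before:", [e["code"] for e in dangling(BEFORE)])
```

Keying on the CLSID is what lets the `{53707962-...}` BHO show up as one changed entry (from `(no file)` to `SDHelper.dll`) instead of an unrelated removal and addition.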
     
  6. 2004/09/13
    Rockit

    Rockit Inactive Thread Starter

    Joined:
    2003/03/23
    Messages:
    464
    Likes Received:
    0
    Hey Dave,
    Thanks again for the help! One last question.. I see in another forum that you guys think I should use a firewall on a dialup connection. The last time I tried ZoneAlarm I had nothing but trouble. What firewall do you all use and which one would you recommend..

    Thanks
    Rockit
     
  7. 2004/09/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I use the eTrust version of Zone Alarm that comes with the EZ Armor package. Never had any problems with it. There were some issues with one of the ZA upgrades at one time, but I think they may have been resolved now. Many folks here like Kerio and Sygate too. Both available here.

    And YES! You should use a firewall regardless of the connection type.

    Glad to help. :)
     