| Thread ID: 69646 | 2006-06-07 16:45:00 | i need advice what to do next... here my hijack logs.... | Cead (10513) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 461485 | 2006-06-08 03:54:00 | ohhhhh almost forgot.... I HAVE MY HOMEPAGE AGAIN ON MY EXPLORER.... WHHEEEEEEEEEEEEEEE....... ^^ | Cead (10513) | ||
| 461486 | 2006-06-08 04:15:00 | ... something I spotted and googled: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers ... and some debate about whether you should remove it ... but I hate things that spy on my activities ... Reports your surfing habits to RealTek. Sneaky one ... and there's some debate on this next one: F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe Part of windows boot ... may be blocking your internet if so just kill it no real threat ... and another rating on it: Dodgy entry, not part of windows, remove it! I personally would listen to Eddie (pancake) ... he's 'way up there with guys like Speedy. Anybody can Google something and get returns about things like this as I did, but those guys are really sharp. |
SurferJoe46 (51) | ||
| 461487 | 2006-06-08 04:43:00 | Run HJT and fix this item and delete the (red) file and you should be good to go... R3 - URLSearchHook: (no name) - - (no file) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE C:\WINDOWS\system32\ALCMTR.EXE Reboot, run a full scan here with Ewido (www.cyberanswers.org) and that will clean out the cookies for you. |
Pancake (6359) | ||
| 461488 | 2006-06-08 05:54:00 | how do i fix them...? do i just click on FIX CHECKED on the hijackthis...? cuz that what i did for the R3 n 04 you said... and also how do i delete? Pancake should i fix the one surfer suggested? |
Cead (10513) | ||
| 461489 | 2006-06-08 06:06:00 | Sorry I should have explained better..... Leave this one...if the file is deleted you will have big problems... F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R3 - URLSearchHook: (no name) - - (no file) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE Open Windows Explorer and delete the following highlighted file/s C:\WINDOWS\system32\ALCMTR.EXE |
Pancake (6359) | ||
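
An added example, not part of the thread and not code from HijackThis: a small Python triage of HijackThis log lines that mirrors the distinction made in the post above, leaving the F2 UserInit entry alone when it holds the standard path and listing `(no file)` entries and Run entries with no path for review. The function name, the notes and the last sample line are assumptions made for illustration.

```python
import re

# Standard Winlogon Userinit target on Windows XP (a trailing comma is normal).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def triage(log_text):
    """Return (code, note, line) for HijackThis entries that need a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and the running-process list
        code, body = m.group("code"), m.group("body")
        if code == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                findings.append((code, "UserInit is not the standard path", line))
        elif body.endswith("(no file)"):
            findings.append((code, "orphaned entry, target file missing", line))
        elif code == "O4" and "\\Run: [" in body:
            command = body.partition("] ")[2].strip()
            # A bare file name is resolved through the search path at logon,
            # so the log alone does not say which file on disk will run.
            if command and "\\" not in command.split()[0]:
                findings.append((code, "Run entry without a path", line))
    return findings

# The first five lines are taken from the logs in this thread; the last line is
# constructed to show a UserInit value with an extra program appended.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\example\extra.exe
"""

if __name__ == "__main__":
    for code, note, line in triage(SAMPLE):
        print(f"{code}: {note}\n    {line}")
```

A listed entry is a prompt to check the file on disk, not a verdict: a legitimate program can also register a Run entry by bare file name.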
| 461490 | 2006-06-08 12:27:00 | ummm... i'm having a problem trying to find this one C:\WINDOWS\system32\ALCMTR.EXE... and this might be a stupid question but how do you open the window explorer..? so sorry to trouble you a lot... i really appreciated you helping me. ^^ |
Cead (10513) | ||
| 461491 | 2006-06-08 12:32:00 | ohh almost forgot to show my next hijackthis log so here it is....
Logfile of HijackThis v1.99.1
Scan saved at 7:27:36 AM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Chikka\Chikka.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Chikka\BnrRepo2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Diane Ignacio\Desktop\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ChikkaIM] C:\PROGRA~1\Chikka\Chikka.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
thank you again... |
Cead (10513) | ||
| 461492 | 2006-06-08 13:06:00 | Hi. Your log is good, the infection is gone. To open Explorer, right-click Start and go to Explore in the drop menu. |
Pancake (6359) | ||
| 461493 | 2006-06-08 13:09:00 | Just as a bit more info for you... It is very important not only to keep Sun Java up to date but also to remove older versions which have security holes and can be exploited by malware such as Vundo. Please follow the steps to remove older version Java components
1. Close any open programs you may have running, especially your web browser
2. Click Start > Control Panel
* Depending on your OS or configuration, you may have to click Start > Settings > Control Panel
3. Open Add or Remove Programs
* If you have Windows 98 or Windows 2000, open Add/Remove Programs
4. Click once on any item listing Java Runtime Environment in the name
* Not every version of Java will begin with "Java" so be sure to read each entry in the list
5. Click the Remove or Change/Remove button
6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java.
** If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the removals.
7. Next, navigate to and delete: C:\Program Files\Java <<<<<< this folder if found
8. Reboot your PC once all Java components have been removed.
9. Proceed with reinstalling Java by going to this site (www.java.com) and downloading the latest version (Version 5.0 Update 7) from the website. Save it, do not run it. When the download is complete, close the browser and install it. |
Pancake (6359) | ||
| 461494 | 2006-06-08 14:11:00 | thank you sooo much pancake... you save my COMPUTER thank you again... i can't seem to find anything with Java, all i can see is windows xp... is that bad? And this i keep wondering about this question.... how do you know if your computer is free of infection or viruses or any keylogger? cuz for the last few days i haven't logged on to any of my personal accounts... |
Cead (10513) | ||