  1. #1
    Member
    Join Date
    Aug 2006
    Posts
    8
    Points
    0

    HijackThis log help please

    I am not experiencing any symptoms on my computer, but when I run a spyware scan with Freedom (from Adelphia), I get about 50 Midaddle spywares. I delete them all and when I run another scan the next day, there are about 50 more. I am including my HijackThis log. Please tell me what I need to do. TIA

    Logfile of HijackThis v1.99.1
    Scan saved at 1:10:00 AM, on 8/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\jffdvs\My Documents\Corel User Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsreader.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://softdev.adelphia.net/sdccommo...d/tgctlins.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
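
    A log like the one above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original post and not HijackThis's own code: a Python sketch that groups entries by section code, flags entries HijackThis itself marked "(no file)" or "(file missing)", and lists the on-disk paths a reviewer would want to verify. The sample lines are excerpted from the log above; the section descriptions and the `triage` function name are this example's own.

```python
import re
from collections import defaultdict

# Short descriptions for the section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O4": "Autorun entry",
    "O9": "IE extra button / Tools menu item", "O16": "ActiveX (DPF) download",
    "O20": "Winlogon Notify / AppInit DLL", "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - ..."
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)")          # HijackThis markers

def triage(log_text):
    """Group entries by section and pull out what a reviewer needs to verify."""
    by_section = defaultdict(list)
    orphaned, to_check = [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and the running-process list
        code, rest = m.groups()
        by_section[code].append(rest)
        if ORPHAN.search(rest):
            orphaned.append((code, rest))
        path = WIN_PATH.search(rest)
        # Code that loads at browser start, boot or logon: verify file and publisher.
        if path and code in ("O2", "O4", "O20", "O23"):
            to_check.append((code, path.group(0)))
    return by_section, orphaned, to_check

# Lines excerpted from the log in the post above.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsreader.com/
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    sections, orphaned, to_check = triage(SAMPLE)
    for code, items in sections.items():
        print(f"{code:>3} {SECTIONS.get(code, 'unknown section')}: {len(items)}")
    for code, rest in orphaned:
        print("orphaned:", code, rest)
    for code, path in to_check:
        print("verify:", code, path)
```

    The output is a worklist, not a verdict: a path under system32 or a missing file is a reason to look at the entry, and says nothing by itself about whether it is malicious.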

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Log appears to be clean. No sign of Midaddle.

    Does the spyware scan give names and location/path to them?

    Suggest you do everything here:

    http://www.help2go.com/component/opt...wtopic/t,9709/

    BG

  3. #3
    Member
    Join Date
    Aug 2006
    Posts
    8
    Points
    0

    I was referred to this site and told there were very helpful experts that would help me with my problem. I found the existing post on Midaddle and tried to follow the instructions. They were worthless because none of the file names matched anything in my HijackThis log and I'm afraid to delete anything that might be important. In fact, HJT apparently didn't even find the infected file. When I post my log I get one response referring me back to the worthless instructions.

    Then I find the infected file on my own and post requesting help deleting it and I get a slap on the wrist for starting a new thread and the new thread, which has a much better chance of solving my problem, gets locked. So are you here to help solve problems or to teach forum etiquette? So much for the helpful experts!

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Re: HijackThis log help please

    Quote Originally Posted by jffdvs
    I run a spyware scan with Freedom (from Adelphia), I get about 50 Midaddle spywares. I delete them all and when I run another scan the next day, there are about 50 more.
    Hi

    We definitely need to see a log from Freedom... which shows us exactly what you are seeing...

    I vaguely remember seeing this a while back ... and they are all false positives ... The files are legit and Freedom is wrongly tagging them as Midaddle... but we need the filenames and locations to check them out
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Please don't be upset....

    you are not being singled out... Basementgeek asked you very nicely to keep all your posts in one thread ... if your replies are spread about in different threads then we have a lot harder task to help you...

    ANYONE starting 2 threads will have the second one locked ... we need to keep all the information you give us together...

    Oh and I'm sorry my article on the removal of Midaddle was "worthless instructions" :cry:

    have a look at this thread :-

    http://www.help2go.com/component/opt...topic/t,18661/

    In particular posts #7 to #10

    steam