Author Topic: Help with IF01.exe problem  (Read 1000 times)

leonlojup

  • Guest
Help with IF01.exe problem
« Reply #20 on: July 23, 2005, 12:15:21 AM »
OK, I had thought about that, but wanted to wait until you suggested it. Is there anything else that I can do once I uninstall all of AOL's stuff to ensure that all associated files, especially whatever hijacked it, are gone for good?

Thanks.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
Help with IF01.exe problem
« Reply #21 on: July 23, 2005, 12:18:48 AM »
The only other thing I can suggest
After you uninstall AOL
Restart your computer
You can try running a Free reg cleaner through your machine

Here's a link to a free one
RegSeeker 1.45
http://www.hoverdesk.net/freeware.htm

Open the RegSeeker Folder and double click on RegSeeker.exe
Click on
"Clean the Registry" on the left menu
Ensure there is a check in "Backup before Deletion" on the bottom left
Then click OK on the right

Let it finish scanning
When it's done
Click "Select All" Near the bottom
and then Right click in the Results pane and click
"Delete Selected Items"
Exit RegSeeker
Restart the computer

Make sure your programs are all working, I've never had a problem with it, this is just precautionary

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


leonlojup

  • Guest
Help with IF01.exe problem
« Reply #22 on: July 23, 2005, 12:43:31 PM »
Well after some work I got all the AOL files removed and ran RegSeeker.  It found 544 blue and red entries and I deleted them all.

Machine seems sluggish though and the hard drive really wants to work overtime, seems to be running a lot especially when I load AOL and when I run Adaware or Defrag.

Is there a site where I can go to read up on this aspect of keeping my machine clean and hopefully being able to help others?

Here is a copy of the latest HJT log, which no longer sports the 014 entry or anything below that.  Does that sound strange to you?

Logfile of HijackThis v1.99.1
Scan saved at 12:12:24 PM, on 7/23/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .qt: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

I think that AOL companion will disappear on the next run as I stopped it from running after I ran the log.

Any other hints, tips or suggestions?

Really would like to learn more about this subject.

Thanks.

leonlojup

  • Guest
Help with IF01.exe problem
« Reply #23 on: July 24, 2005, 10:09:50 AM »
Got the Sygate firewall downloaded, installed and it is up and running as I type.  Really appreciate your suggesting it.

I tried yesterday to access Trend Micro's Housecall, and after 2 hours of trying to get a summary I had to stop the program.  I will try again later today if I get the time.

Any other thoughts, comments would be appreciated.

Thanks again for all your hard work and effort.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
Help with IF01.exe problem
« Reply #24 on: July 24, 2005, 12:25:18 PM »
If you would like to analyze your own logs
Take a look at this link

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/forums/tutorial42.html

Glad you installed Sygate's
It's a great program
I should have linked you to the homepage so you could have done some reading up
But I didn't want you to install the newest version until there was a fix for the 98 problem
I don't believe it's been rectified as of yet

Trend Micro's is a good online scanner
But you could try one at Panda's or BitDefender's
The links are in my signature below
Post back the findings if any bad guys are found
« Last Edit: July 24, 2005, 12:26:17 PM by guestolo »



leonlojup

  • Guest
Help with IF01.exe problem
« Reply #25 on: July 26, 2005, 08:42:35 PM »
I have some new issues with what I believe is this same problem.  I cannot run Adaware in Safe Mode.  I get an error "Fatal Exception 0D occurred at F000:00000GAB.  Application will be terminated".  Have never been able to run Adaware in SAFE MODE.  I unchecked the two options on the second page the one time I got that far.  Still no go.

I can run Grisoft and SpyBot in SAFE MODE and they run OK and show no errors.

I have had issues with the "CloseProgram" folder where I have to delete several programs and leave only Explorer and systray before I can get online.  I thought this was a one time thing, but seems now if I want to get online I have to open "closeProgram" and close all other programs to get online.  Any thoughts?

The programs are:
RNAAPP
SHWICON
AOLTRAY
GBMENU
STARTER

If you want me to post another HJT log let me know.  Any other items that you want done, just ask.

Thanks.
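
The following is an added example, not part of the original posts or of HijackThis itself: a small Python script that reads the O4 (autostart) lines of the HijackThis log in reply #22 and reports which entry launches each program listed in reply #25. The function names and the two regular expressions are this example's own assumptions about the O4 line layout, taken from the lines visible in that log.

```python
import re

# Excerpt of the O4 lines from the HijackThis log posted in reply #22.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
"""

# Programs the poster lists in reply #25.
CLOSED = ["RNAAPP", "SHWICON", "AOLTRAY", "GBMENU", "STARTER"]

# Registry form: O4 - <key>: [<value name>] <command>
REG = re.compile(r"^O4 - (?P<src>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form: O4 - Startup: <shortcut> = <target>
LNK = re.compile(r"^O4 - (?P<src>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def image_name(cmd):
    """Upper-cased base name (no extension) of the first .exe in a command line."""
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    if not m:
        return None
    # Paths may contain spaces, so cut at ".exe" first, then take the last path part.
    return re.split(r"[\\/]", cmd[:m.start()])[-1].strip('"').upper()

def parse_o4(log):
    """Yield (source, entry name, command) for each O4 autostart line."""
    for line in log.splitlines():
        line = line.strip()
        m = REG.match(line) or LNK.match(line)
        if m:
            yield m["src"], m["name"], m["cmd"]

def launch_sources(log, programs):
    """Map each program name to the autostart entries that launch it."""
    found = {p.upper(): [] for p in programs}
    for src, name, cmd in parse_o4(log):
        img = image_name(cmd)
        if img in found:
            found[img].append((src, name))
    return found

if __name__ == "__main__":
    for prog, entries in launch_sources(SAMPLE_LOG, CLOSED).items():
        print(prog, entries or "no O4 entry in the log")
```

Run against the full log, the same functions show that four of the five listed programs have an autostart entry, while RNAAPP has none in the posted log.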