Fresh reformat...fresh problems. HJT log.

Discussion in 'adware, spyware & hijack cleaning' started by BlackHawk66, Feb 9, 2004.

Thread Status:
Not open for further replies.
  1. BlackHawk66

    BlackHawk66 Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    33
    Location:
    Great White North
    Hello, all:

    Just reformatted my computer and am having a bad time of it. Hard lock-ups, blue screens, etc.

    Have run SB S&D, AdAware, Spyware Blaster.

    Did notice a folder in Explorer called "iGator", inside is an executable named "trickler3103_pic_fs_dmpt_3103"

    Could ya' have a look at my HJT log? I'm bummin'. :doubt:

    Thanks

    Logfile of HijackThis v1.97.6
    Scan saved at 9:42:52 PM, on 2/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ESET\NOD32KRN.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ESET\NOD32KUI.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OPERA7\OPERA.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\DOWNLOADEDPROGRAMS\SECURITY\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [NOD32kernel] C:\Program Files\Eset\nod32krn.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    hey Blackhawk,

    are you sure you have posted the full HijackThis log??
    just check it.
     
  3. BlackHawk66

    BlackHawk66 Registered Member

    Hi.

    I am Mrs. Blackhawk. :D

    I just ran "Hijack This", myself, and got the exact same results as my hubby did, so I'm guessing it is the full log.

    Thanks again...
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Can you delete the iGator folder?
    The only possible problem I see in your log is that NOD is probably not checking your mail (IMON is not active).

    Regards,

    Pieter
     
  5. BlackHawk66

    BlackHawk66 Registered Member

    Hi, Pieter

    Deleted the iGator folder, and emptied the recycle bin. IMON is now active and I ran a new scan with the latest version of Hijack This. Like subratam said, looks kinda short......doesn't it o_O

    Logfile of HijackThis v1.97.7
    Scan saved at 9:47:56 AM, on 2/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ESET\NOD32KRN.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ESET\NOD32KUI.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OPERA7\OPERA.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\DOWNLOADEDPROGRAMS\SECURITY\HIJACK THIS 10FEB04\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [NOD32kernel] C:\Program Files\Eset\nod32krn.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    This one >>>O10 - Broken Internet access because of LSP provider 'imon.dll' missing<<< says my programs will not be able to access the internet....yet I just updated NOD 32, SpywareGuard and downloaded the latest Hijack This. Only problem I am having there is getting skins for Opera.

    Anyway, Mrs. BlackHawk ran file checker this morning and found that "setupx.dll" was corrupted. She restored it from the Windows disk and told me things have been running better. All of my problems seem to be with .dll's. msnp32.dll has really been a bugger. Tried to restore it to the Windows/System folder to no avail, still missing. So, I'm off to another forum to see if I can get these things networked.

    If there are any problems here, I'd appreciate you letting me know.

    Thanks, once again :)...

    BlackHawk
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi BlackHawk66,

    The fact that you did not have:
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    in your first log is the reason I knew IMON was not active. :D
    Don't worry about it. A known misunderstanding between NOD and HijackThis.

    About your log being short: I see a virus scanner and a firewall.
    That's enough to make me happy. :D
    Add SpywareGuard and you are using Opera instead of IE and I'm practically jumping for joy.

    As you can tell it is one of the best logs I've seen all day.
    You keep everything updated and you should be fine.

    Regards,

    Pieter
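
Added example, not part of the original thread: a small Python parser that diffs two HijackThis logs and lists the LSP DLLs named in O10 entries, which is the comparison Pieter describes between the first and second logs. The sample logs are shortened excerpts of the two logs posted above; the function names are this example's own.

```python
import re

# A HijackThis entry is a section code (e.g. R0, O4, O10), " - ", then detail.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_hjt(text):
    """Return (running process paths, [(code, detail), ...]) for one log."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.strip().lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line.strip():
            processes.append(line.strip().upper())
    return processes, entries

def diff_entries(old, new):
    """Entries found in only one log; paths compared case-insensitively."""
    key = lambda e: (e[0], e[1].lower())
    old_keys, new_keys = {key(e) for e in old}, {key(e) for e in new}
    added = [e for e in new if key(e) not in old_keys]
    removed = [e for e in old if key(e) not in new_keys]
    return added, removed

def lsp_providers(entries):
    """DLL names quoted in O10 (Winsock LSP) entries, lower-cased."""
    return [m.group(1).lower() for code, detail in entries if code == "O10"
            for m in re.finditer(r"'([^']+\.dll)'", detail, re.I)]

# Shortened excerpts of the two logs in this thread (2/9/04 and 2/10/04).
FIRST = r"""Running processes:
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

O4 - HKLM\..\RunServices: [NOD32kernel] C:\Program Files\Eset\nod32krn.exe
O9 - Extra button: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
"""
SECOND = FIRST.replace("O12 - ", "O10 - Broken Internet access because of "
                       "LSP provider 'imon.dll' missing\nO12 - ")

if __name__ == "__main__":
    added, removed = diff_entries(parse_hjt(FIRST)[1], parse_hjt(SECOND)[1])
    print("added:", added, "removed:", removed)
    print("LSP DLLs in second log:", lsp_providers(parse_hjt(SECOND)[1]))
```

On these excerpts the only difference is the O10 line naming imon.dll, matching Pieter's reading that the entry shows up once IMON is active.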
     
  7. BlackHawk66

    BlackHawk66 Registered Member

    LOL

    I use what makes me happy.....Internet Explorer doesn't make me happy.

    Guess I just run a little lean on apps, eh. :D

    As always, thank you Pieter.
     
  8. subratam

    subratam Registered Member

    BlackHawk,

    U r a penguin lover too :D ... hmm... looks like u are not someone who... is liked by the evils out thr in the web....

    cheers
     
  9. BlackHawk66

    BlackHawk66 Registered Member

    Hey, subratam...

    My "unpopular political leanings" and distaste for re-booting led an internet acquaintance to suggest I try Linux....Don't know whether to choke him or hug him. :D

    So far, not so good. Got Red Hat on a partition on this box with the wrong x86config file (I switched monitors and haven't been able to successfully reconfigure or save for the x-window system to work).

    The Windows install on the box which is the subject of this thread went critical and died yesterday.. :'( Coincidentally, my Slackware box set, including "Slackware Essentials" arrived about an hour after the untimely event. A message from the great and all knowing Tux o_O

    Perhaps I will never know, but I'm not taking any chances. :D I will lock myself in here and not come out until I can do something more than edit lilo. :mad:

    I'm gonna be pasty this summer...

    Take care,

    BlackHawk
     