Help with Hijack Log

Discussion in 'adware, spyware & hijack cleaning' started by infini, Jan 5, 2004.

Thread Status:
Not open for further replies.
  1. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    111
    This is my lgo after running hijack. The version of internet explorer is not mentioned because i uninstaled it. Do you know if there is an option in winsock to show strange or missing files?


    Logfile of HijackThis v1.97.7
    Scan saved at 4:08:25 μμ, on 5/1/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Unable to get Internet Explorer version!


    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\MYFILES\2XEXPLORER\2XEXPLORER.EXE
    C:\HIJACKTHIS.EX


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Infini

    That's quite a brief log you got :)

    I'm not sure how to guide you on the Winsock question so stick around for further input from some of our experts. Regarding your HJT log, I would suggest closing all other apps/windows and selecting and fixing the following

    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o

    This utility is when upgrading from Win3.1/WFW to 95/98 and should not be needed to be envoked on your machine

    Regards,

    Dan
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi infini,

    An easy to use program to have a quick look at the winsock is LSPfix from http://www.cexx.org/lspfix.htm

    I do have a list of programs adding files to the winsock somewhere. Let me know if you need it. I would have to do some digging.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.