Help with Hijack Log

Discussion in 'adware, spyware & hijack cleaning' started by infini, Jan 5, 2004.

Thread Status:
Not open for further replies.
  1. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    This is my lgo after running hijack. The version of internet explorer is not mentioned because i uninstaled it. Do you know if there is an option in winsock to show strange or missing files?


    Logfile of HijackThis v1.97.7
    Scan saved at 4:08:25 μμ, on 5/1/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Unable to get Internet Explorer version!


    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\MYFILES\2XEXPLORER\2XEXPLORER.EXE
    C:\HIJACKTHIS.EX


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Infini

    That's quite a brief log you got :)

    I'm not sure how to guide you on the Winsock question so stick around for further input from some of our experts. Regarding your HJT log, I would suggest closing all other apps/windows and selecting and fixing the following

    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o

    This utility is when upgrading from Win3.1/WFW to 95/98 and should not be needed to be envoked on your machine

    Regards,

    Dan
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi infini,

    An easy to use program to have a quick look at the winsock is LSPfix from http://www.cexx.org/lspfix.htm

    I do have a list of programs adding files to the winsock somewhere. Let me know if you need it. I would have to do some digging.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.