Mom in Laws' HJT log.

Discussion in 'adware, spyware & hijack cleaning' started by BlackHawk66, Jan 17, 2004.

Thread Status:
Not open for further replies.
  1. BlackHawk66

    BlackHawk66 Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    33
    Location:
    Great White North
    Hello again, all:

    Installed all my favorite programs on the MILs' computer today (SB S&D, Spyware Guard, Spyware Blaster, AdAware, Zonealarm) and cleaned out a bunch of nasties.

    Was hoping to have someone look at a HijackThis! log of her computer to make sure nothing is lingering.

    Thanks..

    BlackHawk
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi BlackHawk66,

    Sure. No problem. Post the log and we'll have a look.

    Regards,

    Pieter
     
  3. BlackHawk66

    BlackHawk66 Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    33
    Location:
    Great White North
    Re: It's not easy getting old.

    Hi Pieter,

    I could understand if I had a drinking problem, but... :doubt:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:21:23 PM, on 01/17/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OPERA7\OPERA.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\SECURITY\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jnsi.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=www.gateway.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks again, Pieter. You really make me look smart. (Smart enough to come here, anyway. ;)
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi BlackHawk66,

    And smart enough to clean out a computer. No active nasties in sight. :)

    I would, however, install IE6 SP1 to tighten security up a bit more. SpywareBlaster will be able to keep the tracking cookies out as well (that part doesn't work for IE5).

    Regards,

    Pieter
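
A log pasted into a forum arrives with long entries wrapped across lines, so a review starts by rejoining them and grouping entries by their HijackThis code. The sketch below is an added example, not part of the thread and not HijackThis's own code; the function names are hypothetical and the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above, kept in the wrapped form the forum produced.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jnsi.net/
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM
FILES\SPYWAREGUARD\DLPROTECT.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# HijackThis entry codes: R0-R3, F0-F3, N1-N4, O1 and up.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def join_entries(text):
    """Rejoin entries split across lines; header lines before the first entry are skipped."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:                      # continuation of the previous entry
            entries[-1] += " " + line      # the wrap happened at a space
    return entries

def group_by_code(entries):
    """Map each code (R0, O4, ...) to the list of entry bodies under it."""
    groups = defaultdict(list)
    for entry in entries:
        code, body = ENTRY.match(entry).groups()
        groups[code].append(body)
    return dict(groups)

def autostarts(groups):
    """(registry location, value name, command) for each O4 registry autostart."""
    found = (re.match(r"(\S+): \[(.+?)\] (.*)", b) for b in groups.get("O4", []))
    return [m.groups() for m in found if m]

def dpf_sources(groups):
    """Download URL recorded for each O16 (ActiveX / DPF) entry."""
    found = (re.search(r"https?://\S+", b) for b in groups.get("O16", []))
    return [m.group(0) for m in found if m]

if __name__ == "__main__":
    g = group_by_code(join_entries(SAMPLE))
    print(sorted(g), autostarts(g), dpf_sources(g), sep="\n")
```
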
     
  5. BlackHawk66

    BlackHawk66 Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    33
    Location:
    Great White North
    Re: IE6

    Hi Pieter,

    Will do on the IE 6. Don't use it myself so I rarely think about it.

    Major thanks.

    BlackHawk

    BTW - What do you think of St. Anger?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re: IE6

    I had to get used to it, but love it now. :)
    And you're welcome.

    Regards,

    Pieter
     