Mom-in-Law's HJT log.

Discussion in 'adware, spyware & hijack cleaning' started by BlackHawk66, Jan 17, 2004.

Thread Status:
Not open for further replies.
  1. BlackHawk66

    BlackHawk66 Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    33
    Location:
    Great White North
    Hello again, all:

    Installed all my favorite programs on the MIL's computer today (SB S&D, Spyware Guard, Spyware Blaster, AdAware, Zonealarm) and cleaned out a bunch of nasties.

    Was hoping to have someone look at a HijackThis! log of her computer to make sure nothing is lingering.

    Thanks..

    BlackHawk
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi BlackHawk66,

    Sure. No problem. Post the log and we'll have a look.

    Regards,

    Pieter
     
  3. BlackHawk66

    Re: It's not easy getting old.

    Hi Pieter,

    I could understand if I had a drinking problem, but... :doubt:

    Logfile of HijackThis v1.97.7
    Scan saved at 5:21:23 PM, on 01/17/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\OPERA7\OPERA.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\SECURITY\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/gw/home.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jnsi.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=www.gateway.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks again, Pieter. You really make me look smart. (Smart enough to come here, anyway. ;)
     
  4. Pieter_Arntz

    Hi BlackHawk66,

    And smart enough to clean out a computer. No active nasties in sight. :)

    I would, however, install IE6 SP1 to tighten security up a bit more. SpywareBlaster will be able to keep the tracking cookies out as well (that part doesn't work for IE5).

    Regards,

    Pieter
     
  5. BlackHawk66

    Re: IE6

    Hi Pieter,

    Will do on the IE 6. Don't use it myself so I rarely think about it.

    Major thanks.

    BlackHawk

    BTW - What do you think of St. Anger?
     
  6. Pieter_Arntz

    Re: IE6

    I had to get used to it, but love it now. :)
    And you're welcome.

    Regards,

    Pieter
     