Re: Spyware blaster causing main automation error(hijackThis log posted)

Discussion in 'adware, spyware & hijack cleaning' started by nickv_uk, Jun 4, 2004.

Thread Status:
Not open for further replies.
  1. nickv_uk

    nickv_uk Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    1
    Hello I am suffering a similar problem this is Hijack This log.

    Hope you can help Thanks Nick

    Logfile of HijackThis v1.97.7
    Scan saved at 02:12:42, on 05/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\PWSTRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MSSQL7\BINN\SQLSERVR.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\MY DOWNLOAD FILES\FXSASSER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/news/en/uk/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~2\FDCATCH.DLL
    O2 - BHO: (no name) - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\PROGRAM FILES\COMPASS\CMPSIE.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
    O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCRAWLER\RCrawler.exe -TRAYONLY
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
    O4 - HKCU\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\RunOnce: [System Mechanic Registry Compact Handler] C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 4 PROFESSIONAL\SYSMECH4.EXE /REMOVEREGCOMPACT
    O4 - Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Startup: Lmgrd.lnk = C:\FlexLM\LMGRD.EXE
    O4 - Startup: PCTime.lnk = C:\Program Files\PCTime\PCTime.exe
    O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
    O4 - Startup: Pervassive - Btrieve Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Homepage (HKCU)
    O9 - Extra button: BT (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
     
    Last edited by a moderator: Jun 4, 2004
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi nickv_uk :)

    Welcome to Wilders.

    I split your HJT log off that other thread and moved it to the Hijack cleaning forum for better attention. ;)


    snowbound
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi nickv_uk,

    Download PrcView here: http://www.spywareinfoforum.com/~merijn/files/pv.zip and unzip it to the desktop.

    Be sure to have exactly 1 explorer window open, then double click on the runme.bat and choose option 1

    Repeat the procedure for 1 IE window and option 2

    Post the resulting logs.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.