1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack This Log for your perusal - tia!

Discussion in 'Virus & Other Malware Removal' started by Carolinamom1, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Carolinamom1

    Carolinamom1 Thread Starter

    Joined:
    Mar 8, 2004
    Messages:
    120
    Hey cool dudes!! ;)

    Had an odd thing pop up trying to access via Zone alarm today. Ran spybot and adaware with $teve's custom settings as noted in sticky.

    Can someone give me an a-ok on my HiJack This log?

    Thanks so much -

    Logfile of HijackThis v1.97.7
    Scan saved at 3:16:11 PM, on 4/21/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OUTLOOK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37904.6313657407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Leslie

    If you are going to be underestimated by people who speak more rapidly, the temptation is to speak slowly and strategically and outwit them. ----Doris Betts, on the Southern drawl
     
    Carolinamom1, Apr 21, 2004
    #1
  2. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Looks good to me Leslie. Here are some things you can do to help stay clean:

    I advise the following to help prevent reinfection:

    You already have Spybot installed. It has an Immunize feature which will stop a lot of nasties from being installed on your computer. To activate it, open Spybot and click the Immunize icon in the left pane. Now click the Immunize button in the right pane.

    Next, download SpyWareBlaster Here. Install it and open the program. Click the Updates button and download the latest updates. While on the "Status" page, Now click the "Enable All Protection" link near the bottom of the window. This program will now be running in the background and adding to the protection provided by Spybot's Immunize feature for ActiveX nasties.

    Next, download IE-SPYAD Here. Follow the installation instructions on the site. This little item will install a TON of URL's in IE's Restricted sites list, thereby preventing your computer from accessing known bad sites from which nasties can be installed.

    Also, be very sure you have installed all the latest Critical Updates from the Windows Update site.

    You may also want to take a look at This thread.
     
    raybro, Apr 21, 2004
    #2
  3. Carolinamom1

    Carolinamom1 Thread Starter

    Joined:
    Mar 8, 2004
    Messages:
    120
    I appreciate all the help - I have Spywareblaster, will get updates.

    Thanks again - hope you have a great evening. ;)
     
    Carolinamom1, Apr 21, 2004
    #3
  4. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Thanks - Already have had a great evening. Bedtime. Night... ;)
     
    raybro, Apr 21, 2004
    #4
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Hijack perusal
  1. bj nick

    New Laptop plagued by browser hijacker....help!

    bj nick, Nov 2, 2019, in forum: Virus & Other Malware Removal
    Replies:
    0
    Views:
    150
    bj nick
    Nov 2, 2019
  2. jspencer1985

    In Progress Please help, trying to figure out hijack

    jspencer1985, Jan 13, 2019, in forum: Virus & Other Malware Removal
    Replies:
    1
    Views:
    679
    askey127
    Jan 19, 2019
  3. PhoenixNEW

    New Possible hijacking of my PC by some nefarious people

    PhoenixNEW, Jan 6, 2019, in forum: Virus & Other Malware Removal
    Replies:
    0
    Views:
    389
    PhoenixNEW
    Jan 6, 2019
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222644

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice