[Resolved] Hijack This log?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
Joined
Dec 9, 2000
Messages
45,855
That's your entire system32 file list???

And again, dvk01 is right, we are not seeing the RunOnce location of the Registry if this is an old HijackThis version.
 

TIII

Thread Starter
Joined
Oct 1, 2003
Messages
12
Its not the whole list just the most current dates.
My version is not the newest version I cant seem to find a link
to download a new one?
 

TIII

Thread Starter
Joined
Oct 1, 2003
Messages
12
Thanks for your help Rollin' Rog . Ill post a new Hijack log and start from scratch.


Logfile of HijackThis v1.97.2
Scan saved at 2:07:41 PM, on 10/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Honda\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [3ARD3CY5P2ZL#G] C:\WINDOWS\System32\KioiNq4.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
 
Joined
Dec 9, 2000
Messages
45,855
Well unless tunnel vision has got me in its grips again, it looks like all that is left is the orphan registry entry.

O4 - HKLM\..\Run: [3ARD3CY5P2ZL#G] C:\WINDOWS\System32\KioiNq4.exe

I'd check and "fix" that, reboot and keep your fingers crossed. Also, just for good measure, before rebooting

open a cmd prompt and enter:

del C:\WINDOWS\System32\KioiNq4.exe

Hopefully you will get a file not found message.
 

TIII

Thread Starter
Joined
Oct 1, 2003
Messages
12
Yep it seems to be gone thanks again.

What about this?O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab


Logfile of HijackThis v1.97.2
Scan saved at 2:24:08 PM, on 10/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\Honda\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Glad that this one is solved , lets hope we can have the same good result with the others that have the same problem
 

TIII

Thread Starter
Joined
Oct 1, 2003
Messages
12
Logfile of HijackThis v1.97.2
Scan saved at 2:24:08 PM, on 10/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\Honda\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

Im talking about this entry

http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Any O16 dpf can be removed safely, myspeedbar should go as it's not being used and isn't wanted also fix the updreg one as well it's a reminder to register a sound card, definitely not needed


O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/m...etup1.0.0.3.cab
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Nerocheck NeroCheck.exe

(Ahead Software) Background Task installed by Nero’s CD Burning software. Straight from Ahead software : "The NeroCheck program looks for known driver conflicts with our Nero software. So that when a Nero Log file is printed, at the very bottom of the Nero log file you will find a list of drivers we have found on your system that could be causing conflicts, if you are running into problems.".

Recommendation :
If Nero is working on your system then you do not need NeroCheck to run. Disable it with Starter unless you experience problems with Nero, in which case re-enable NeroCheck to see what the log file reports.


*********
You may want to stop that from running at each startup too.
 

TIII

Thread Starter
Joined
Oct 1, 2003
Messages
12
Thanks Derek

Should I run permanent IE immunity in spybot immunity tab

It also says permanently running bad dowload blocker for IE

Any advice on what to do with spybot or some other software
to prevent future problems would be great

Thanks Todd
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
running immunity and bad download blocker helps

but like anything it's the operator at the keyboard who has the most effect.

spybot's blockers work to a point, but if it isn't in it's database it can't block so don't rely on it to stop everything and be careful what you download.


Make sure your security settings in IE are correctly set especially active X downloads which should be at prompt for signed active X and disabled for UNSIGNED active X, that way you decide if you want to download not the scum who attempt to infect you.
 
Joined
Dec 9, 2000
Messages
45,855
Good to come back and see this fixed. I'm sure we saved at least 5 additional go-rounds on this with dvk01's timely heads-up.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top