
(Solved) My Log

Discussion in 'Virus & Other Malware Removal' started by Bengaul, Apr 25, 2004.

  1. Bengaul

    Bengaul Thread Starter

    Joined:
    Oct 22, 2003
    Messages:
    179
    Would anyone be so kind as to have a look at my HJT log? I have had a problem with spyware/adware recently, and hope I am free of it now!

    Thanks.


    Logfile of HijackThis v1.97.7
    Scan saved at 6:36:29 PM, on 4/25/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOGWAT95.EXE
    C:\PROGRAM FILES\COMPUTERASSOCIATES\INOCULATEIT\ISRV95.EXE
    C:\PROGRAM FILES\COMPUTERASSOCIATES\INOCULATEIT\REALMON.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\ATI2CWAD.EXE
    C:\WINDOWS\SYSTEM\ATIPTKAD.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
    C:\WINDOWS\DESKTOP\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TEMP\ICSUPP95.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\BENDOC\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.btopenworld.com/searchpane
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btinternet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    F1 - win.ini: run=hpfsched
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.4.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe
    O4 - HKLM\..\Run: [InoculateIT Scanning Service] C:\Program Files\ComputerAssociates\InoculateIT\isrv95.exe
    O4 - HKLM\..\Run: [InoculateIT Realtime Monitor] C:\Program Files\ComputerAssociates\InoculateIT\realmon.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AtiCwd32] Ati2cwad.exe
    O4 - HKLM\..\Run: [AtiKey] atiptkad.exe
    O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
    O4 - Startup: Microsoft Office.lnk = c:\WINDOWS\Application Data\Microsoft\Installer\{90170409-6000-11D3-8CFE-0050048383C9}\misc.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\WINDOWS\Desktop\Winzip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01d684ac8802fad58516/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37939.4011226852
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Bengaul
    It also seems you have a problem with a trojan on your system...
    C:\WINDOWS\TEMP\ICSUPP95.EXE

    The ICSUPP95.EXE is associated with several differently named trojans and what also makes it suspicious is it is running from a temp file.

    You may want to see if you can run an online virus scan (found here).

    If it finds anything let it help you fix it.

    Here is one of the trojans that use ICSUPP95.EXE:
    http://www.f-secure.com/v-descs/bagle_w.shtml

    If for some reason you cannot run the scanner come back and we will see what else we can try.

    Dave
     
  3. Bengaul

    Bengaul Thread Starter

    Joined:
    Oct 22, 2003
    Messages:
    179
    Hi, I did what you said; it took a while!

    File is still there. Should I just delete it from my temp folder?
     
  4. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Bengaul
    Yes, try that and let's see if by chance it creates a nag from some other program trying to load it and saying that it cannot be found.
    If the file is gone and there is no nag, then rerun HijackThis and see that it is no longer listed.

    Dave
     
  5. Bengaul

    Bengaul Thread Starter

    Joined:
    Oct 22, 2003
    Messages:
    179
    Yep, something's using it! It won't let me get rid of it. What should I do now?
     
  6. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Start in Safe Mode by restarting the system and tapping the F8 key until the selection screen appears, then select Safe Mode.
    Try deleting it now.

    Dave
     
  7. Bengaul

    Bengaul Thread Starter

    Joined:
    Oct 22, 2003
    Messages:
    179
    That's got it! Many thanks for your help.
     
  8. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Bengaul

    Good! Hopefully we will not see much of that one on your system again!

    Take care; I will consider the matter solved.

    Dave
     