1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

tell me im clean - HT log check

Discussion in 'Virus & Other Malware Removal' started by abbyk, Sep 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hello everyone,

    I cleaned up a friends pc with ur help, thought u could check the HT log 4 my own pc to make sure spybot & ad-aware missed nothing.

    Logfile of HijackThis v1.96.4
    Scan saved at 04:01:18, on 16/09/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\CNXDSLTB.EXE
    C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
    C:\WINDOWS\SYSTEM\HFFSRV.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\WINDOWS\SYSTEM\CnxDslTb.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HFFSRV.EXE] C:\WINDOWS\SYSTEM\HFFSRV.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...www.thermaltake.com/3d/xaserIII/xaserIII.html
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.801087963

    Big thankU in advance
    abbyk
     
  2. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi abbyk ,

    superwebsearch is a Home Page Hijacker , Close all browser windows , Scan Hijack This , put a check in the following and hit fix ,

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

    Shutdown & Reboot your computer

    Next , Download SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

    Good luck
     
  3. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hey willdo BlueSpruce - thanks

    4 my knowledge can u tell me how this hijacker works ?

    I have google as my homepage always and dont seem to have any hijack/redirected stuff going on.


    abbyk
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  5. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Hello again $teve :)

    I thought at 1st the link u posted wasnt relevent to my query on the http://www.superwebsearch.com/ie/ entries, but maybe it is.

    Are you suggesting that was some kind of spyware tracker ?

    And thanks 4 noticing no AV in the log. I do use AVG6 but prefer to run it manually. The fewer background processes the better, eh ?

    abbyk
     
  6. abbyk

    abbyk Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    541
    Just uncovered a clue to why and what the supersearch is about.

    It seems a freeware/adware app called indexview or index-dat viewer ( which i remember testing 4 a friend) was the cause.

    Check the penultimate post at http://beta.experts-exchange.com/Operating_Systems/Win98/Q_20704657.html

    I never use the IE search toolbar anyway, but that would have invoked the supersearch adware redirect.

    Am I getting warm ?

    abbyk
     
  7. Metallica

    Metallica Malware Specialist

    Joined:
    Jan 28, 2003
    Messages:
    692
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    abby..yes,your very warm;)
     
  10. Metallica

    Metallica Malware Specialist

    Joined:
    Jan 28, 2003
    Messages:
    692
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    thats what i thought.
    (y)
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165140

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice