|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
07-03-2004, 11:10 AM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2004
Location: Colorado
Posts: 14
OS: 98
|
please check Hijack this log
I am not having any real problems with this machine, it just seems to be running a little slow and the sys. resources are at about 62. I have run Adaware and S&D, and AVG. The programs only found a few tracking cookies. Some lines on the Hijack report look supicious to me
Logfile of HijackThis v1.97.7 Scan saved at 11:05:49 AM, on 7/3/04 Platform: Windows 98 SE (Win9x 4.10.1998A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE E:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE E:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\POPUPKILLER.EXE C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE E:\PROGRAM FILES\POWERARCHIVER\POWERARC.EXE E:\TEMP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {AE86E781-E157-11D7-B6C0-444553540000} - C:\WINDOWS\SYSTEM\MOZ030715S.DLL O2 - BHO: (no name) - {AE86E782-E157-11D7-B6C0-444553540000} - C:\WINDOWS\SYSTEM\LSALRK.DLL O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - E:\PROGRA~1\ASHAMPOO\ASHAMP~1\POPUP.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\SYSTEM\PPCRunOnce.exe O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] E:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Bob de C" O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Bob de C" O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.2424537037 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab Thanks for looking it over. |
|
     
|
|
07-03-2004, 04:17 PM
|
#2 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,957
OS: Vista Home Premium, SP 27
|
You're welcome.
O2 - BHO: (no name) - {AE86E781-E157-11D7-B6C0-444553540000} - C:\WINDOWS\SYSTEM\MOZ030715S.DLL O2 - BHO: (no name) - {AE86E782-E157-11D7-B6C0-444553540000} - C:\WINDOWS\SYSTEM\LSALRK.DLL O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file) Open a new HJT log and check all of the above to be fixed. Then, with all windows closed, click "fix checked". As some of the files or folders you need to delete may be hidden do this: Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders", then “OK”. Next, please boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp folder, but not the folder itself. Next please find and delete the following bolded entries… None Then please reboot back into normal mode and go here and run the online virus scan. Please select the Autoclean option when prompted. Then please reboot once more and post a new log. |
|
|
|
|
| Thread Tools | |
|
|
