01-22-2005, 02:12 PM   #1
Tanus
Registered User
Join Date: Jan 2005
Posts: 2
OS: Win98


HiJack This Log - Please help

Hello,

This is the result of my latest HiJack This log. I've done nothing to my system because I don't have enough confidence to delete anything. Any help with the log would be greatly appreciated.

Thanks very much.

Tanus

Logfile of HijackThis v1.99.0
Scan saved at 4:53:04 PM, on 1/22/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\Tools_95\Register\REMIND.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\PROGRAM FILES\WS_FTP PRO\FTPQUEUE.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\COAST\COAST WEBMASTER 5.0\WEBMON.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://localhost/
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRA~1\WS_FTP~1\WSBHO2K0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\ftpqueue.exe -tray
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.EXE
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\EXPLORER.EXE
O4 - Startup: COAST WebMonitor.lnk = C:\Program Files\COAST\COAST WebMaster 5.0\WebMon.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
01-22-2005, 02:15 PM   #2
CTSNKY
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


It looks pretty clean. Do you have a specific complaint?

======

Some tools to run:

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to logoff, click on Yes.
__________________


GO BIG BLUE!!
01-22-2005, 02:33 PM   #3
Tanus
Registered User
Join Date: Jan 2005
Posts: 2
OS: Win98


Thank you for your almost immediate reply and analysis.

I'll be downloading the recommendations you made, but in the meantime I'll answer your question about specific complaints.

I've not been able to get MSN Messenger running for some time and suspected some malware on my system. A scan by Bazooka turned up a couple of things but Lavasoft really showed up a lot of items which I've deleted.

Because there were so many items detected, I got suspicious that there may be more impeding the MSN operation, and ran Hijack this to see what else was there.

However, if you think the log is clean, I'll just keep going in a different direction and try something else.

Thanks again.

Tanus
01-22-2005, 02:43 PM   #4
CTSNKY
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Well, to be a bit more certain.....

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you install it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, they will be listed in the bottom window. Please copy and paste that here also if it applies.