
OOPS! Hijack scan info continued...

733 Views 4 Replies 3 Participants Last post by  Topkat
(*BLUSH!) I feel awfully intelligent. I guess in order to get help with what I need to do with the info I scanned with HJT, I should post it, shouldn't I? (Talk about a BrainFahrtte!)

Here it is:...

Logfile of HijackThis v1.96.4
Scan saved at 6:53:12 PM, on 08/09/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\TABLET.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAM FILES\EPSON\INK MONITOR\INKMONITOR.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\TEXTBRIDGE PRO 9.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\IISYSTEM WIPER\SYSTEMWIPER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\OFF THE WEB\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiSAudio] C:\WINDOWS\SYSTEM\MP_S3.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [Tablet] C:\WINDOWS\SYSTEM\Tablet.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashserv.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\RunOnce: [ICQ] C:\PROGRAM FILES\ICQ\ICQ.EXE -trayboot
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB

Thanx again.
I moved this to the Security forum and got rid of your other post where you forgot to attach the scan log. I'm on my way out the door but someone should be along to help you soon ... Good luck ...
It's just a guess (since I've been stung by this before), that is if I understand your post correctly, but have you already started a post with a problem, and now you're starting another thread regarding the same problem?

I notice that you have started another thread entitled 'Kazaa & Internet speed' where e-liam asked you to post your HT log.

Please keep problems in one thread, as double posting is confusing and aggravating for those trying to help, since 2 people might end up fixing the same problem.

[edit: it seems that Bryan, you got there before me]
I'm still new at this thing. Actually, I didn't even think you could continue in the same post. (Wasn't really watching <my bad>) Thanks for letting me know.

Re: Internet/Kazaa speed: I already had spybot, etc. installed and used. Found out that I had way too many things running and also my PC needed defragging. Also, I didn't know that Kazaa had an option to seek for other download sources when I right clicked on an item I was downloading. After I did this a few times, I noticed my download speeds got higher - at times from 14Kb/sec. to over 80Kb/sec. (Sometimes the simplest solutions are the best LOL)

I still need info on what to and what not to check off in my HijackThis scan results, but from what I have seen so far, a lot of you guys really know what you're talking about and I am grateful for that. Considering all the @#$%'s online who want nothing more than to cause grief, it's great to have a site with people who are serious about helping one another. Thanx.
First, you seem to have a virus.
Kernel32.exe - Added as a result of a number of VIRUSES, such as BABYLONIA, KERNEL and HOOKER.

I have no experience with Avast! AntiVirus, but make sure the definitions are up to date!
Run an online virus scan at http://housecall.trendmicro.com/

If you have a BugBear infection, as I suspect, get this onto your hard drive somewhere: Bug Bear Removal Tool. Then run it in safe mode.

Back to your HT log. Run HijackThis again and put a check by these. Close all browser windows and click "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)

SiS KHooker - khooker.exe - SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter-day SiS VGA cards. Can cause errors at startup and isn't required:
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe

If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs. Go to MSN Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts":
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
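The log posted at the top of the thread and the entries the helper picks out above follow the same fixed HijackThis line format (`R0`/`R1` for browser settings, `O2`/`O3` for registered browser components, `O4` for autostart entries, `O16` for downloaded ActiveX controls). The script below is an added example, not part of this thread or of HijackThis itself: it parses that format, splits `O4` autostart lines into hive, key, name and command so they can be matched against the running-process list, and flags the two patterns the helper used as triage cues (a `ProxyServer` setting the user did not expect, and a component registered under a CLSID whose file no longer exists) plus `O16` controls fetched from hosts outside a small, assumed allowlist. The sample log, the allowlist of download hosts and the review rules are all constructed for the example.

```python
"""Parse a HijackThis log and flag entries that warrant a second look."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the log in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.96.4
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB
"""

# Assumed allowlist of ActiveX (O16) download hosts; real triage would use a curated list.
TRUSTED_DPF_HOSTS = {"download.macromedia.com", "fdl.msn.com"}

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
O4_REG_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?P<key>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Entry:
    section: str  # "R1", "O4", "O16", ...
    body: str     # everything after the "Rn - " / "On - " prefix
    raw: str


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Return the Rn/Fn/Nn/On entries, skipping the header and the running-process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], line.strip()))
    return entries


def parse_o4(entry: Entry) -> Optional[Tuple[str, str, str, str]]:
    """Split an O4 autostart entry into (hive, key, name, command).

    Registry entries carry a hive (HKLM/HKCU); Startup-folder entries get an empty hive.
    Returns None for anything that is not an O4 entry or does not match either layout.
    """
    if entry.section != "O4":
        return None
    m = O4_REG_RE.match(entry.body)
    if m:
        return (m["hive"], m["key"], m["name"], m["cmd"])
    m = O4_STARTUP_RE.match(entry.body)
    if m:
        return ("", m["key"], m["name"], m["cmd"])
    return None


def review(entries: List[Entry]) -> List[Finding]:
    """Apply simple triage rules and return the entries worth a closer look."""
    findings = []
    for e in entries:
        if e.section == "R1" and "ProxyServer" in e.body:
            findings.append(Finding(e, "IE proxy server configured; confirm the user set it, "
                                       "an unexpected proxy can intercept all browsing"))
        elif e.section in ("O2", "O3") and e.body.endswith("(no file)"):
            findings.append(Finding(e, "orphaned CLSID: registered component whose file is "
                                       "missing; removing the entry is harmless"))
        elif e.section == "O16":
            host = HOST_RE.search(e.body)
            if host and host.group(1).lower() not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(e, f"ActiveX control downloaded from {host.group(1)}, "
                                           "not on the allowlist; review before keeping"))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for f in review(parsed):
        print(f"[{f.entry.section}] {f.reason}\n    {f.entry.raw}")
    for e in parsed:
        if (o4 := parse_o4(e)) is not None:
            print("autostart:", o4)
```

Run against the sample, the proxy line, the `(no file)` toolbar and the `contentpurity.com` control are reported, while the Acrobat BHO and the Flash control pass; the `R0` start page is deliberately not flagged, since a homepage is only worth fixing when the user did not choose it. The `O4` tuples are what you would compare against the "Running processes" list to see which autostart entries are actually live.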