Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Windows 95/98 > Hijack result help please

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Hijack result help please

Reply to Message Icon

Name: travipper
Date: February 5, 2004 at 14:30:27 Pacific
OS: 98se
CPU/Ram: intel 64
Comment:

Hello everyone. Could you check my log please as I'm not sure what needs removal.
I constantly use and update Adaware, spybot, CWShredder, cygate, AVG.
Many thanks.

Logfile of HijackThis v1.97.3
Scan saved at 11:20:48, on 6/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\PROGRAM FILES\GENIUS NETSCROLL + SERIES MOUSE\MOUSEELF.exe
C:\WINDOWS\SYSTEM\HPZTSB06.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
E:\MAILWASHER\MAILWASHER.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
E:\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe"
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [Deskup] e:\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37863.7174189815
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {774EB36D-C105-40CE-B6F7-8EBC0438B37B} (rcimport.rcemailctl) - http://jobs.realcontacts.com/rcemailctl.cab




Sponsored Link
Ads by Google

Response Number 1
Name: travipper
Date: February 5, 2004 at 14:32:41 Pacific
Reply:

Whoops! Sorry. shouldn't have posted this should I.


0

Response Number 2
Name: beansoup
Date: February 5, 2004 at 15:20:54 Pacific
Reply:

Hi ripper,

LOL Yeah, I think Comp.net, only wants it posted if someone asks for it:-) Stuff happens....Are you having problems??
Being that it's posted, I'll give my 2 cents..It looks okay to me...The thing I do is get a bunch of stuff into the "Ignore" list.( In HJT) Keeps the log slimmer...Anything your familiar with can go there..That way HJT won't put it in the log, everyime you run HJT...Makes life easier:-)If I get them, I dump the R's, 02's, 016's..

The list below can be found in HJT info tab..

The different sections of hijacking possibilities have been separated into these groups:
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols
O19 - User stylesheet hijack

You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.

Good luck

beansoup


0

Response Number 3
Name: travipper
Date: February 5, 2004 at 15:49:14 Pacific
Reply:

Hi beansoup. Good to see you again. Thanks for this.
Any ideas on my "CD won't" post?
Cheers.


0

Response Number 4
Name: travipper
Date: February 5, 2004 at 15:58:31 Pacific
Reply:

I meant "CD nothing" post.


0

Response Number 5
Name: beansoup
Date: February 5, 2004 at 15:59:55 Pacific
Reply:

Same here ripper:-)

I assume you already checked the ribbon cable and MOBO connections..It is the secondary IDE? Anything else on the ribbon? If you have a burner, it should be Master=burner, and CD=slave...For starters..I'll see if I can find your original post..

beansoup


0

Related Posts

See More



Sponsored Link
Ads by Google
Reply to Message Icon

Teranews Problem explorer error message



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Windows 95/98 Forum Home


Sponsored links
Ads by Google


Results for: Hijack result help please
Help Please trojans adaware www.computing.net/answers/windows-95/help-please-trojans-adaware/162116.html

Dual Boot help PLEASE!!! www.computing.net/answers/windows-95/dual-boot-help-please/11636.html

new laptop w /w98....help please!!! www.computing.net/answers/windows-95/new-laptop-w-w98help-please/132146.html