
Is my log clean ? [RESOLVED]


  • This topic is locked

#1
Streamsz

  • Member
  • 30 posts
I just formatted my C: HD and reinstalled Win98 SE to start with a clean system.
After only a couple of hours needed to download the various progs listed in the "You must read this..." post, Ad-Aware was already finding major threats!

Can you tell me if the following HijackThis log is clean?

I am also concerned by the presence of the loadqm and msnappau processes (apparently installed by MSN): are they perfectly sure? Also, are they necessary?

Thank you very much


Logfile of HijackThis v1.99.1
Scan saved at 18:51:04, on 9/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\FR-BE\MSNAPPAU.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SKYR@CER UTILITY\WLANMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\NETTOYAGE\HIJACK THIS\HIJACKTHIS1991.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FR-BE\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Nettoyage\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FR-BE\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Skyr@cer Configuration Utility.lnk = C:\Program Files\Skyr@cer Utility\WLANMON.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab

Edited by Streamsz, 09 September 2005 - 12:59 PM.

  • 0



#2
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Streamsz,

Your log looks clean. :tazz:

However, to double check, please run this online scan, save the results and post them here:

http://www.pandasoft.../activescan.htm

As for msnappau.exe and loadqm.exe, if you want to fix them, open HijackThis and click Scan. Put a check next to the ones you'd like to fix:

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\fr-be\msnappau.exe"
Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to "update" the toolbar. Complete waste of resources.

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. So you may need it if you use MSN Explorer, otherwise not needed.

Close all other windows except HijackThis and click Fix Checked. Reboot.

Then please post the Panda results for me.
  • 0
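
One way to line up the two things asked about in this thread, the Run-key entries and the running processes (an added example, not part of the original posts): it parses the O4 lines of a HijackThis log and marks which autostart entries match a process in the "Running processes" list. The function names and the sample, a subset of the log in post #1, are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: a subset of the lines from the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\FR-BE\MSNAPPAU.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SKYR@CER UTILITY\WLANMON.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - Startup: Skyr@cer Configuration Utility.lnk = C:\Program Files\Skyr@cer Utility\WLANMON.exe
"""

O4_REG = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")

def executable(cmd, shortcut=False):
    """Return the lower-cased file name that an autostart command launches."""
    if cmd.startswith('"'):      # quoted path, arguments may follow the quote
        path = cmd[1:].split('"', 1)[0]
    elif shortcut:               # shortcut targets are logged unquoted, spaces included
        path = cmd
    else:                        # assumption: unquoted Run values have no spaces in the path
        path = cmd.split(" ", 1)[0]
    return basename(path).lower()

def autostarts(log):
    """Return (location, name, exe, is_running) for every O4 entry in the log."""
    running, entries, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False     # a blank line ends the process list
        elif in_procs:
            running.add(basename(line).lower())
        else:
            m = O4_REG.match(line) or O4_LNK.match(line)
            if m:
                exe = executable(m["cmd"], shortcut=m.re is O4_LNK)
                entries.append((m["loc"], m["name"], exe))
    return [(loc, name, exe, exe in running) for loc, name, exe in entries]

if __name__ == "__main__":
    print(*autostarts(SAMPLE_LOG), sep="\n")
```

Matching is by file name only, so an entry that launches a same-named file from a different folder would still be marked as running; compare the full paths by hand before deciding what to fix.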

#3
Streamsz

  • Topic Starter
  • Member
  • 30 posts
Hi Armo

Thanks for your reply.
I ran Panda ActiveScan but I could not find the way to save results :tazz:
In any case the scan found no virus or other malware...

If I use HijackThis to remove msnappau and something goes wrong, is there a way to restore things as they were before?

Thanks again
  • 0

#4
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Streamsz,

Sure, HijackThis saves backups of fixes as long as it's in a permanent folder. That's why we insist on users saving it into a permanent folder.

To restore the backups:

  • Open HijackThis
  • Click on "View the list of Backups"
  • Place a check mark next to the item to restore
  • Click Restore
  • Click Yes
  • Reboot your computer

You couldn't save Panda results because there was nothing to save, since it didn't find anything. :tazz:
  • 0

#5
Streamsz

  • Topic Starter
  • Member
  • 30 posts
Hi Armo

Thank you for your help and advice.
I think you can now CLOSE this topic :tazz:

All the best
  • 0

#6
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Pick one of these, they are all free.

Zonealarm
Sygate

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download; scan every file before clicking on it.

Additional programs to consider:

Spywareblaster - Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad - Adds a list of malicious sites to your Restricted Sites Zone.
Firefox - An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#7
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





