View Full Version : Is this a normal thing?


cyberstuck
04-25-2004, 08:42 PM
Hello, was wondering if this is a normal occurrence or is someone messing with my PC.

Thurs. night I downloaded the trial version of Pest Patrol to test it out. Scanned the HDD and it brought up all kinds of stuff. Probably around 14 to 16 pests and whatever (not all were adware). As this is a trial version it cannot quarantine or delete so I figured I would run it again after I got home from work Fri., copy everything down then manually remove them.

Did a full scan when I got home and it detected only two (2) threats. Both adware.
Do so many just die when you shut down? Or would someone have to remove them?
I wish I had copied all the names then.

I am running Zone Alarm Pro, the latest version of SpyBot S & D, and the anti-virus program with Fix-It Utilities.
All recently updated.

Also what would cause the font in notepad to just suddenly change? When I started to type in it Fri. evening the font was set to 'fixedsys'. I have never used anything other than 'Times New Roman' since when I first ever used notepad.
Is someone messing with this? That's the first time I've ever seen that happen.

I do know the people who take care of this apt. building take the liberty to go into homes when they want while people are at work.


Here's my HJT log. Doesn't look like much, but what do I know.

Logfile of HijackThis v1.97.7
Scan saved at 7:32:08 PM, on 4/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MEMOKIT\MEMOKIT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Fix-It.lnk = C:\Program Files\VCOM\Fix-It\mxtask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37987.2332291667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5\Help\wwhelp2.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

thanks in advance for any responses or ideas.
cyberstuck

PrntRhd
04-25-2004, 09:31 PM
I do know the people who take care of this apt. building take the liberty to go into homes when they want while people
That is illegal, check your lease.

WIN98 has no real protection against someone turning on a PC and running it. I would perhaps set a BIOS password on the system to prevent use if that is your concern.

Pest Patrol has problems with false positives.
I use Adaware v6.0, Spybot S&D v1.2, SpywareBlaster v3.0, and IE-Spyads, A-squared trojan finder, ZA free firewall, and more.

Someone will read your HJT log and comment. Please do not try to fix anything until they comment and advise safe removals.

cyberstuck
04-26-2004, 12:11 AM
thanks for the reply.

next to Napa huh? how 'bout that, I'm next to Hollywood....(Fl.)
Yeah, Windows 98 is a joke as far as any kind of security.

I think you're right about the Pest Patrol issue. Started to scan with SpyBot when it informed me PP would detect a couple of things that should probably be ignored. Just find it strange that Pest Patrol would find so many threats when first run, then the next evening find only two adware programs.

thanks again

Budfred
04-26-2004, 02:55 AM
I didn't check all your Running Processes closely, but your HJT log looks clean. I would suggest sticking to Spybot and AdAware. PestPatrol is famous for false positives and it just isn't worth the anxiety it causes....

Donn
04-26-2004, 12:16 PM
Originally posted by cyberstuck
I do know the people who take care of this apt. building take the liberty to go into homes when they want while people are at work.

#1. You can disable your computer by taking either the power cord or the monitor cord with you to work. Take both to work if you're comfortable with the gymnastics of doing that every day. If you're not comfortable with that, go by the local geek shop and ask them if they have a faulty or broken mouse or keyboard you could have and tell them why--if they are true to form they will help you in any way they can. I would. I like to think we all would. If you're comfortable doing it-- if you can--just disable the mouse at night before you shut down or before you leave. (I dk how to do that on Win 98se, I'm Win Me)

#2. Talk to your local police precinct community relations program, and they can probably tell you (a) where you can hook up with a tenants' rights group, and (b) where you can rent a minicam with a motion sensor. . . one of those spy equipment shops. . .all kinds of toys. . . .

I'd also buy and install an interior flip-down door stop and a can of iridescent spray paint, and keep it handy, by the bed. . . .wherever. I despise that kind of insidious bs.....

Doesn't Win98se have an on/off password for the screen saver?

mjc
04-26-2004, 03:07 PM
One other thing, depending on whether or not you have IE set to dump the cache on exit PP (and any other scanner) could detect more if you did the scan with IE open and while online.

cyberstuck
04-26-2004, 06:26 PM
Thanks for the input.

Hey Donn, know where I can pick up a used Howitzer?

Donn
04-26-2004, 08:59 PM
Originally posted by cyberstuck
Thanks for the input.

Hey Donn, know where I can pick up a used Howitzer?

Now now, let's think of the innocents......and besides, unless you use smokeless powder those things tend to set off the smoke alarms. . . .

Best bet is a broken mouse or keyboard and put the good ones somewhere safe or in the trunk of the car. Good luck, as above. . .

cyberstuck
04-27-2004, 10:01 AM
Now now, let's think of the innocents......and besides, unless you use smokeless powder those things tend to set off the smoke alarms. . . .

yeah, and they're loud too! Just kidding though.
thanks again for the tips

mjc
04-27-2004, 11:15 AM
Personally I would think a phaser (set to stun), some strong stimulants and about 96 hours worth of Disney movies would work.......

Abbadon
04-27-2004, 11:24 AM
Originally posted by mjc
...about 96 hours worth of Disney movies would work.......

:eek: :eek:

How cruel! I'm alerting the mods over this :mad:

:D ;)

tweeky
04-27-2004, 11:28 AM
mjc is a mod, and I think 96 hours of Disney is a bit tame; let's try 96 hours of Sesame Street

pave_spectre
04-27-2004, 11:35 AM
5 minutes of 'Home and Away' (Or any Australian soap for that matter) and you can have most people screaming "Dear lord someone please shoot me!":p

Abbadon
04-27-2004, 11:37 AM
Originally posted by tweeky
mjc is a mod, and I think 96 hours of Disney is a bit tame; let's try 96 hours of Sesame Street

No dissin' da Sesame Street! Bigbird rocks! :D

Muppet show is cool too... ;)

pave_spectre
04-27-2004, 11:46 AM
Originally posted by mjc
Personally I would think a phaser (set to stun),

I never realised Xerox printers (http://www.fujixerox.com.au/products/office_product.jsp?features=colour%20print&id=249) had a stun setting. How innovative.:eek:

Originally posted by Abbadon
Bigbird rocks!

Personally I prefer the SnuffleUpagus. (Or however you spell that whacky critter's name).:D :D

tweeky
04-27-2004, 12:21 PM
Originally posted by pave spectre
5 minutes of 'Home and Away' (Or any Australian soap for that matter) and you can have most people screaming "Dear lord someone please shoot me!"

I watch Home and Away and Neighbours and I don't want to shoot myself. :)

Originally posted by Abbadon
Bigbird rocks!

I can't stand Big Bird. I've also heard they use Sesame Street as a form of torture to get prisoners to confess and as a form of brainwashing. :D :D :D :D

jabarnutcase
04-27-2004, 12:39 PM
Just make them read the "Nothing to say" thread over and over again for three months.

If they were not completely insane by then, they would surely be on their knees begging for mercy. :p

stefanus
04-27-2004, 02:57 PM
Or, Press any key till I return you ""sob"" :D :D ;)

Stefanus :cool:

Vic 970
04-27-2004, 04:39 PM
best security is to take the hdd out, easy with a removable bay.

;)

Donn
04-27-2004, 11:31 PM
Originally posted by pave_spectre
I never realised Xerox printers (http://www.fujixerox.com.au/products/office_product.jsp?features=colour%20print&id=249) had a stun setting. How innovative.:eek:

No one did. . . until they revealed it to us.

Donn
04-27-2004, 11:41 PM
Originally posted by mjc
One other thing, depending on whether or not you have IE set to dump the cache on exit PP (and any other scanner) could detect more if you did the scan with IE open and while online.

I did PP with IE open online. Still (2nd time this week) gives me a bogus read on netPal and CWS.GoogleMS.3. I checked the registry key it indicated for--it isn't there...no evidence of either in search or in HJT log. I don't have any symptoms either, pages turning a bit slow, but that comes and goes. Adaware, Spybot...data miners only.

Donn
05-05-2004, 11:44 AM
Originally posted by cyberstuck
Hello, was wondering if this is a normal occurrence or is someone messing with my PC.

Check out this thread and see if one of these programs will secure the box for you, check out the last post for '1st Guard Security':

http://www.pcguide.com/vb/showthread.php?s=&threadid=29418