hijack this log


roovers

Logfile of HijackThis v1.99.1
Scan saved at 9:33:57 PM, on 7/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SPOOL32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SSDPSRV[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR[Caution: ExecutableFile]
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\WINDOWS\TASKMON[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile]
C:\WINDOWS\RUNDLL32[Caution: ExecutableFile]
C:\WINDOWS\LOADQM[Caution: ExecutableFile]
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile]
C:\PROGRAM FILES\SAVE\SAVE[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP[Caution: ExecutableFile]
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR[Caution: ExecutableFile]
C:\PROGRAM FILES\PEERGUARDIAN2\PG2[Caution: ExecutableFile]
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST[Caution: ExecutableFile]
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile]
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY[Caution: ExecutableFile]
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC[Caution: ExecutableFile]
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile]
C:\WINDOWS\TEMP\HIJACKTHIS[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw[Caution: ExecutableFile] /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon[Caution: ExecutableFile]
O4 - HKLM\..\Run: [systemTray] SysTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd[Caution: ExecutableFile] -startup
O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON[Caution: ExecutableFile] /Consumer
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile] -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ[Caution: ExecutableFile]" -reg
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager[Caution: ExecutableFile]" -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp[Caution: ExecutableFile]
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2[Caution: ExecutableFile]
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST[Caution: ExecutableFile]
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA[Caution: ExecutableFile]
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p ... der_v6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB


You should stop QuickTime loading in the system tray. Right-click on the icon and go into the properties to stop it loading in there. That will save a bit of memory.

C:\PROGRAM FILES\SAVE\SAVE[Caution: ExecutableFile]

Also you have the Save! spyware, so try going to Add/Remove Programs and seeing if it's in there to remove. Then scan with Ad-aware and Spybot S&D.

"Fix" this using HijackThis:

O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save[Caution: ExecutableFile]"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST[Caution: ExecutableFile]

Mercifull <3 Suzi
