roovers Posted July 6, 2005 Share Posted July 6, 2005 Logfile of HijackThis v1.99.1 Scan saved at 9:33:57 PM, on 7/5/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\SPOOL32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\SSDPSRV[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR[Caution: ExecutableFile] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR[Caution: ExecutableFile] C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER[Caution: ExecutableFile] C:\WINDOWS\TASKMON[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile] C:\WINDOWS\RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\LOADQM[Caution: ExecutableFile] C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile] C:\PROGRAM FILES\SAVE\SAVE[Caution: ExecutableFile] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC[Caution: ExecutableFile] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP[Caution: ExecutableFile] C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR[Caution: ExecutableFile] C:\PROGRAM FILES\PEERGUARDIAN2\PG2[Caution: ExecutableFile] C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST[Caution: ExecutableFile] C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile] C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY[Caution: ExecutableFile] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC[Caution: ExecutableFile] C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile] C:\WINDOWS\TEMP\HIJACKTHIS[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw[Caution: ExecutableFile] /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon[Caution: ExecutableFile] O4 - HKLM\..\Run: [systemTray] SysTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: ExecutableFile] O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile] O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save[Caution: ExecutableFile]" O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd[Caution: ExecutableFile] -startup O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON[Caution: ExecutableFile] /Consumer O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [schedulingAgent] mstask[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON[Caution: ExecutableFile] -service O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]" O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ[Caution: ExecutableFile]" -reg O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager[Caution: ExecutableFile]" -quiet O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp[Caution: ExecutableFile] O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2[Caution: ExecutableFile] O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST[Caution: ExecutableFile] O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA[Caution: ExecutableFile] O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/p ... der_v6.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysProfLcd.CAB Link to comment Share on other sites More sharing options...
Mercifull Posted July 6, 2005 Share Posted July 6, 2005 You should stop Quicktime loading in the system tray. Right click on the icon and go into the properties to stop it loading in there. That will save a bit of memory. C:\PROGRAM FILES\SAVE\SAVE[Caution: ExecutableFile] Also you have the Save! spyware so try going to the Add/Remove programs and seeing if its in there to remove. Then scan with Ad-aware and Spybot S&D. "Fix" this using HijackThis O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save[Caution: ExecutableFile]" O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST[Caution: ExecutableFile] Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
den160593 Posted July 6, 2005 Share Posted July 6, 2005 Another good Spyware Scanner and Protection is Microsoft AntiSpyware. Just download a free copy run a scan and set it to real time protection. You'll have protection and be spyware free in no time Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now