ctrocks21 Posted July 7, 2006 Report Share Posted July 7, 2006 Logfile of HijackThis v1.99.1Scan saved at 10:01:01 PM, on 7/6/2006Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\SSDPSRV.EXEC:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXEC:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\WINDOWS\SYSTEM\SK9910DM.EXEC:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXEC:\WINDOWS\SYSTEM\HIDSERV.EXEC:\WINDOWS\TASKMON.EXEC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXEC:\WINDOWS\SYSTEM\QTTASK.EXEC:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXEC:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXEC:\PROGRAM FILES\PINNACLE\INSTANTCDDVD\INSTANTWRITE\IWCTRL.EXEC:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXEC:\PROGRAM FILES\AIM\AIM.EXEC:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXEC:\PROGRAM FILES\AOL COMPANION\COMPANION.EXEC:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXEC:\PROGRAM FILES\NETGEAR\WG111V2 CONFIGURATION UTILITY\RTLWAKE.EXEC:\PROGRAM FILES\NETGEAR\WG111V2 CONFIGURATION UTILITY\RTWLAN.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXEC:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXEC:\WINDOWS\SYSTEM\RNAAPP.EXEC:\WINDOWS\SYSTEM\TAPISRV.EXEC:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.htmlR3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLLO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLLO3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLLO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIETO4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -sO4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [Hidserv] Hidserv.exe runO4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXEO4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exeO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SYSTEM\PSDrvCheck.exeO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeO4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorunO4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exeO4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exeO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottimeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -regO4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXEO4 - HKLM\..\RunServices: [schedulingAgent] mstask.exeO4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exeO4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exeO4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeO4 - HKCU\..\Run: [iW_DROP_ICON] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdiscO4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\RunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe C:\WINDOWS\TEMP\4.0.0.9-EasyShrx.Dll,_UninstallPlatform@16 C:\WINDOWS\All Users\Application Data\Kodak\EasyShareSetupO4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exeO4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeO4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exeO4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exeO4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Startup: PowerReg Scheduler.exeO4 - Startup: Reboot.exeO4 - Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exeO8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTMO8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTMO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htmlO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXEO9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXEO9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTMO9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTMO9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTMO9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTMO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXEO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLLO16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CABO16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.105/20130287e10e97185a00/netzip/RdxIE.cabO16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.79.downloads.estara.co...651050OneCC.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net Link to post Share on other sites
Matt Posted July 7, 2006 Report Share Posted July 7, 2006 Hi and welcome to Besttechie!Please print out all directions given, for use if/when you cannot access this page.Please scan with HJT and place a check next to the following items:O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeThen, make sure all browser windows and other applications are closed, and click the Fix Checked button.Boot into Safe Mode:Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.Once in safe mode, find and delete the following folders:C:\PROGRA~1\SAVE\C:\Program Files\Viewpoint\Reboot your computer normally.Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan reportPost back with a new HJT log and the Panda Report.Matt Link to post Share on other sites
robroy Posted July 8, 2006 Report Share Posted July 8, 2006 Matt, my friend said thank you. The Panda activescan did not find any problems.He appears to be ok now so I am closing the topic. Link to post Share on other sites
Recommended Posts