1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Nedd analysis of results from a Hijackthis scan

Discussion in 'Virus & Other Malware Removal' started by mclaffy, Jan 24, 2005.

Thread Status:
Not open for further replies.
  1. mclaffy

    mclaffy Thread Starter

    Joined:
    Jan 24, 2005
    Messages:
    1
    Sent: Monday, January 24, 2005 3:29 PM
    Subject: Can you help me analyze this log from Hijackthis


    Logfile of HijackThis v1.99.0
    Scan saved at 10:13:17 AM, on 1/24/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DAEMON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\D-LINK\AIR UTILITY\AIRCFG.EXE
    C:\WINDOWS\SYSTEM\USBMONIT.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
    C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\KDX\KHOST.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\D-LINK\D-LINK DWL-650 CONTROL UTILITY\CONFIG.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\D-LINK AIRPLUS XTREME G DWL-G650\AIRPLUS.EXE
    C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\1100796466\EE\AOLHOSTMANAGER.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\1100796466\EE\AOLSERVICEHOST.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hp.com/omnibook
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caida.org/cgi-bin/stock.cgi
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: Tickle Helper Class - {0BAA159B-8413-4538-AF57-161AE135D11E} - C:\PROGRAM FILES\TICKLE\TICKLE HELPER.5.DLL
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Tickle Toolbar - {B9FC2096-9B8F-4193-81C6-C9D5C266D2F0} - C:\PROGRAM FILES\TICKLE\TICKLE TOOLBAR.5.DLL (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [D-Link Air Utility] c:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\KDX\KHOST.EXE
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100796466\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plab.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Configuration Utility.lnk = C:\Program Files\D-Link\D-Link DWL-650 Control Utility\Config.exe
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Startup: D-Link AirPlus Xtreme G DWL-G650 Adapter Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G DWL-G650\AirPlus.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10e1d485f8899d9d4e06/netzip/RdxIE601.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://isupport4.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\PROGRAM FILES\FIDELITY INVESTMENTS\FIDELITY ACTIVE TRADER\SYSTEM\ATNGPROT.DLL
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,272
    First Name:
    Derek
    The only thing I can see that might be unwanted is the Tickle toolbar/BHO

    I'm not convinced it's 100% kosher, but I couldn't say it's bad either

    Unless you use it and want it uninstall it from add/remove programs in control panel

    Download and unzip or install this program/application if you haven't already got it. If you have it, then make sure it is updated and configured as described

    AdAware SE from http://www.lavasoft.de/support/download
    and while you are at the adaware site download and install http://www.lavasoft.de/software/addons/vx2cleaner.shtml
    and run it before the main adaware scan and follow it's directions
    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least SE1R25 11.01.2005 or a higher number/later date

    Set up the Configurations as follows:

    General Button
    Safety:
    Check (Green) all three.

    Click on "Proceed"

    Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    Click on "Scan Now"

    Run the scanner using the Full Scan (Perform full system scan) mode.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/322965

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice