Registered · Discussion Starter · #1
Hello,

The machine that I'm currently using has been having performance slowdown problems of late and I would like, with your help if I may, to check to see if there is anything on here that shouldn't be. I ran 3 or 4 of your recommended programs (AdAware, TrendMicro, Symantec, and BitDefender, to be specific) and caught a few things, but I'd like to post an HJT log here and ask for help to make sure there's not something I've missed. Also, I intend to add the ZoneLabs firewall to this system (which was recommended to me for my own computer and works great) and just want to make sure the system is clean before I do so.

Thanks in advance for your help,
Chris

The HJT Log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 2:10:41 AM, on 10/21/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\AOL COMPUTER CHECK-UP\ACCAGNT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1100820692\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1100820692\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.covcable.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_5_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100820692\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: StormTracker 46 Instant Weather.lnk = C:\Program Files\StormTracker 46 Instant Weather\TrueWeather.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.4.49/squelchies/squelchies-ob-assets.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.3.0.46/worldclass/worldclass-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0.46/peaks/peaks-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.3.4.49/popfu/popfu-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/whackdown/whackdown-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.0.46/holdem/holdem-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.0.46/flinger/flinger-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.0.46/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.3.0.46/superbingo/superbingo-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.0.46/mahjong/mahjong-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5.28/wordjong/wordjong-ob-assets.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5.42/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.0.46/mlslots/mlslots-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.2.4.23/jumbee/jumbee-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spider/spider-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/freecell/freecell-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.4.64/nascar/nascar-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.3.21/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.2.1.34/bingo/bingoe-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.1.3.21/checkers2/checkers-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.0.46/aces/aces-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.5.28/paigow/paigow-ob-assets.cab
O16 - DPF: Tube Runner by pogo - http://aol.pogo.com/applet-6.2.5.28/tube/tube-ob-assets.cab
O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-6.2.0.37/allstarfb2/allstarfb2-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.0.41/turbo21/turbo21-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.21/poppit/poppit-ob-assets.cab
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.2.4.23/threepoint/threepoint-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lottso/lottso-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.5.28/domino/domino-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hearts/hearts-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb17.pogo.com/applet-6.1.4.29/animal/animal-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.1.4.29/roulette/roulette-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.5.21/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.1.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.2.5.28/topdown2/topdown2-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/omaha/omaha-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-6.2.1.34/sawgrass/sawgrass-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.34/slots/scifi-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pinochle/pinochle-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.2.2.66/simball/simball-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/cribbage/cribbage-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.5.28/pool2/pool-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.0.46/poppazoppa/poppazoppa-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
O16 - DPF: {5A447319-0EA2-447B-A063-A5F849B097D0} (ScanZillaLE Class) - https://www.stopzilla.com/scanner/binaries/SZScanLE.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.2.4.23/pebble/pebble-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
 

Administrator · #2
Hi there and welcome to TSF

I don't see anything really major in your log at all. All the programs you have run seem to have kept the malware at bay. Let's just have a deep dive and see if there is anything lurking.
_________________________________________________

Download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts
Double-click SilentRunners.vbs to run it. This will take a few minutes.
When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.
_________________________________________________

Download StartDreck
  1. Unzip to its own folder and start the program.
  2. Press 'Config'
  3. Press 'Unmark All'
  4. Check the following boxes only:

    • Registry > Run Keys
    • System/drivers > Running processes

  5. Press 'Ok'
  6. Press Save and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
_________________________________________________

and for good measure

Please do an online scan at Panda ActiveScan

  1. Click on the Scan your PC button & a pop up window shall appear. *Ensure that your pop up blocker doesn't block it*
  2. Click On Next
  3. Enter your e-mail address & click Send. *It will begin downloading Panda's ActiveX controls which are about 8MB in size*
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (Heuristic)
    • Detect spyware

  5. Begin the scan by selecting All My Computer

    You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

  6. If it finds any malware, it will offer you a report. Click on See report
  7. Then click Save report
_________________________________________________

Paste the results of the Silent Runners log, StartDreck log and Panda Scan here together with a new HiJack This log.
_________________________________________________
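A small triage helper for the HJT sections looked at in this thread (O4 Run values, O9 buttons, O16 ActiveX downloads), added here as an example and not part of either poster's content. The sample lines are excerpted from the log above; the regexes and function names are my own.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: lines excerpted from the HijackThis log posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^.+?: \[[^\]]*\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^.*? - (?P<url>https?://\S+)$")

def run_target(cmd):
    """Executable part of an O4 Run value: the quoted path if present, else the first word."""
    cmd = cmd.strip()
    return cmd.split('"')[1] if cmd.startswith('"') else (cmd.split() or [""])[0]

def triage(log_text):
    """Return (findings, dpf_hosts): entries a reviewer should verify by hand, and a
    Counter of hosts the O16 ActiveX (DPF) objects were installed from."""
    findings, dpf_hosts = [], Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O4" and (o4 := O4_RE.match(rest)):
            exe = run_target(o4.group("cmd"))
            # A bare file name is resolved through the search path, so the file
            # that actually runs must be located on disk and checked, not assumed.
            if exe and "\\" not in exe:
                findings.append((sec, "bare executable name", exe))
        elif sec == "O9" and rest.endswith(("(no file)", "(file missing)")):
            # Dangling button/menu entries: leftovers that are safe to clean up.
            findings.append((sec, "points at a missing file", rest.split(" - ")[0]))
        elif sec == "O16" and (o16 := O16_RE.match(rest)):
            dpf_hosts[urlparse(o16.group("url")).hostname] += 1
    return findings, dpf_hosts
```

Run `triage(HJT_SAMPLE)` to get the two bare-name Run entries, the dangling AOL Toolbar button, and a per-host count of DPF downloads; the host list is what a reviewer would walk through against the scanners and game sites the poster actually used.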
 

Registered · Discussion Starter · #3
Hi, and thanks again for your help.

I tried to download both Silent Runners and StartDreck, but when I click the link, after a few moments I get the following message.

"Internet Explorer Cannot download Silent Runners.vbs from www.silentrunners.org (or StartDreck, as the case may be)

Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found"

I went directly to both sites and tried to use their Download links and got the same message.

I suspected perhaps that the security settings on the machine were too high and lowered them to Medium-Low and still got the same message. Perhaps this isn't the problem?

Do you have any suggestions on alternate ways to get these programs?
 

TSF Security Manager, Emeritus · #4
Hi,

That website was experiencing some difficulties this afternoon, please try again. :smile:
 