Hijack This - Log


Chris B

Hello,

I was wondering if anybody could analyze my Hijack This
Log. I know I have something to fix, but I'm not sure what
to fix. Any help would be appreciated, thanks!

Chris B


Logfile of HijackThis v1.97.7
Scan saved at 10:43:09 AM, on 04/13/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.008i.com/search.html
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - (no file)
O2 - BHO: (no name) - {00000000-5eb9-11d5-9d45-009027c14662} - (no file)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe 3DBBps.dll,BansheeLoadSettings
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38052.3141782407
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
 

Frank Saunders, MS-MVP

Chris B said:
Hello,

I was wondering if anybody could analyze my Hijack This
Log. I know I have something to fix, but I'm not sure what
to fix. Any help would be appreciated, thanks!

Chris B

**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 

Jacked B-4

-----Original Message-----
Hello,

I was wondering if anybody could analyze my Hijack This
Log. I know I have something to fix, but I'm not sure what
to fix. Any help would be appreciated, thanks!

Chris B


If I were you I'd check every damn one of those boxes
you have listed! Start over new, every time you go and
start a service it will start over, in that log file. Only
thing is you'll have to reset your home page which looks
like Yahoo, also may have to restart your antivirus (which
I don't see listed, maybe Voodoo has it shut off). If you
don't have one get a year FREE from
http://www.my-etrust.com/microsoft/index.cfm?
it's a link from Microsoft's update page, if you'd like
to follow it thru yourself. I had to start clean after my
14 year old fixed me up with plenty of jacks, best thing
to do is check 'em all, if something don't work right, you
can always go back and removed ones and replace them one
at a time (doubt you'll do that after you get it humming
along without all that junk)!
 
