C
Chris B
Hello,
I was wondering if anybody could analyze my Hijack This
Log. I know I have something to fix, but I'm not sure what
to fix. Any help would be apprieciated, thanks!
Chris B
Logfile of HijackThis v1.97.7
Scan saved at 10:43:09 AM, on 04/13/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchURL = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ym
sgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ym
sgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = C:\WINDOWS\system32
\blank.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = C:\WINDOWS\system32
\blank.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = C:\WINDOWS\system32
\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/y
msgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ym
sgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ym
sgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/y
msgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ym
sgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = C:\WINDOWS\system32
\searchbar.html
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ym
sgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,HomeOldSP = http://www.search-2003.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,CustomizeSearch = http://www.008i.com/search.html
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} -
(no file)
O2 - BHO: (no name) - {00000000-5eb9-11d5-9d45-
009027c14662} - (no file)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - (no file)
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-
CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe
3DBBps.dll,BansheeLoadSettings
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6
\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime
Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Weather] C:\PROGRAM
FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the
HelpSpot!\Fawgrd32.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2
\Stms.exe
O8 - Extra context menu item: Add to &Block List... -
C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... -
C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option
&Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O8 - Extra context menu item: Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.a
pple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?38052.3141782407
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
(YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/y
mmapi_416.dll
I was wondering if anybody could analyze my Hijack This
Log. I know I have something to fix, but I'm not sure what
to fix. Any help would be apprieciated, thanks!
Chris B
Logfile of HijackThis v1.97.7
Scan saved at 10:43:09 AM, on 04/13/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchURL = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ym
sgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ym
sgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = C:\WINDOWS\system32
\blank.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = C:\WINDOWS\system32
\blank.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = C:\WINDOWS\system32
\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/y
msgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ym
sgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ym
sgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/y
msgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ym
sgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = C:\WINDOWS\system32
\searchbar.html
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ym
sgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,HomeOldSP = http://www.search-2003.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchAssistant = C:\WINDOWS\system32
\searchbar.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,SearchAssistant = http://www.008i.com/search.html
R1 - HKCU\Software\Microsoft\Internet
Explorer,CustomizeSearch = http://www.008i.com/search.html
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} -
(no file)
O2 - BHO: (no name) - {00000000-5eb9-11d5-9d45-
009027c14662} - (no file)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - (no file)
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-
CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe
3DBBps.dll,BansheeLoadSettings
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6
\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime
Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Weather] C:\PROGRAM
FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the
HelpSpot!\Fawgrd32.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2
\Stms.exe
O8 - Extra context menu item: Add to &Block List... -
C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... -
C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option
&Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O8 - Extra context menu item: Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .wma: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\Program
Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.a
pple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?38052.3141782407
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
(YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/y
mmapi_416.dll