Topic: Help Hijack Log


saktl5 (Guest)
Help Hijack Log
« on: October 24, 2004, 07:49:43 AM »
Hi, I'm a first-time user of HijackThis and am not sure what to delete. I need help. Thank you.

Logfile of HijackThis v1.98.0
Scan saved at 1:35:29 AM, on 10/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
C:\PROGRAM FILES\WINDUPDATES\WINKA.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WGR1LGQ6\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = +s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbs.sportsline.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbs.sportsline.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~3\NAVAPW32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindUpdates] C:\PROGRAM FILES\WINDUPDATES\WINUPDT.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .jsp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://128.11.20.135/tools/WONWebLauncherControl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/rcriot/microsoft/wtinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/us/sa/common/common/bin/cabsa.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2760fc9ff81108dad302/netzip/RdxIE601.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/html/user/msie/msichat.ocx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-dev.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: Yahoo! Chat 1.3 - http://cs8.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PPInstaller.exe
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=08684070fd49578d9cea50ae6b0acefcfbb84033807f5b0ac7f1263a2a3410a3530bb5d1d0c73631f955208ec57d9cb2ba04b99933536261:5384e68ecedbe601989f3130ba048162
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\PROGRA~1\COMMON~1\MICROS~1\REFERE~1\MSREF.DLL
O20 - AppInit_DLLs: APITRAP.DLL


Eddy
Re:Help Hijack Log
« Reply #1 on: October 24, 2004, 08:09:20 AM »
Here is the result of my HijackThis Log File Analyzer:

--------------------------------------------------------------------------------
CHECKING HIJACKTHIS AND INTERNET EXPLORER :
--------------------------------------------------------------------------------
You are using a old version of Hijackthis, please update.
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.

--------------------------------------------------------------------------------
THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :
--------------------------------------------------------------------------------
\program files\windupdates\winupdt.exe
\program files\windupdates\winka.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_search_url = +s
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = +s
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hklm\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - default urlsearchhook is missing
o2 - bho: msntoolbandbho - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o4 - hklm\..\run: [windupdates] c:\program files\windupdates\winupdt.exe
o9 - extra button: (no name) - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - (no file)
o16 - dpf: {a031d222-b496-11d2-9cc8-00105a10aaf6} (wonweblauncher class) - http://128.11.20.135/tools/wonweblaunchercontrol.cab
o16 - dpf: {11260943-421b-11d0-8eac-0000c07d88cf} (ipix activex control) - http://www.ipix.com/viewers/ipixx.cab
o16 - dpf: {fa13a9fa-ca9b-11d2-9780-00104b242ea3} - http://www.wildtangent.com/install/wdriver/rcriot/microsoft/wtinst.cab
o16 - dpf: {c2fcef52-ace9-11d3-bebd-00105aa9b6ae} (symantec rufsi registry information class) - http://security2.norton.com/us/sa/common/common/bin/cabsa.cab
o16 - dpf: {33288993-5664-11d4-8b5b-00d0b73b3518} (ell class) - http://www.ea.com/downloads/games/common/ieell.cab
o16 - dpf: {525a15d0-4938-11d4-94c7-0050da20189b} (snoopyctrl class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
o16 - dpf: {17163bb4-107e-11d4-9b76-006097df2317} (eabootstrap class) - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
o16 - dpf: {41f17733-b041-4099-a042-b518bb6a408c} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/quicktimeinstaller.exe
o16 - dpf: {9a54032d-31f7-400d-b184-83b33bde65fa} (msn file upload control) - http://sc.communities.msn.com/controls/fileuc/msnupld.cab
o16 - dpf: {ae1c01e3-0283-11d3-9b3f-00c04f8ef466} (heartbeatctl class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
o16 - dpf: {33e54f7f-561c-49e6-929b-d7e76d3afeb1} (pool control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://207.188.7.150/2760fc9ff81108dad302/netzip/rdxie601.cab
o16 - dpf: {430dde24-c051-11cf-95be-0020aff75e4f} (ichat xchat control) - http://tank.wizards.com/chat/data/html/user/msie/msichat.ocx
o16 - dpf: yahoo! chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
o16 - dpf: {27527d31-447b-11d5-a46e-0001023b4289} (cogsmanager class) - http://gamingzone-dev.ubisoft.com/dev/packages/gsmanager.cab
o16 - dpf: yahoo! chat 1.3 - http://cs8.chat.sc5.yahoo.com/c174/chat.cab
o16 - dpf: yahoo! dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
o16 - dpf: yahoo! chinese checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
o16 - dpf: yahoo! literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
o16 - dpf: yahoo! go fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
o16 - dpf: {90c9629e-cd32-11d3-bbfb-00105a1f0d68} (installshield international setup player) - http://www.installengine.com/engine/isetup.cab
o16 - dpf: {d3d83e08-54d1-4e9d-8eaf-9f979d139294} (maxissimcityscapetelex control) - http://simcity.ea.com/scape/teleport/maxissimcityscapetelex.cab
o16 - dpf: {e855a2d4-987e-4f3b-a51c-64d10a7e2479} (epsimagecontrol class) - http://tools.ebayimg.com/eps/activex/epscontrol_v1-0-3-0.cab
o16 - dpf: {78a730d4-0df3-4b65-8dd2-bfcd433cee30} - http://www.surfsecret.com/inst/ppinstaller.exe
o16 - dpf: yahoo! poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
o16 - dpf: yahoo! mlb stattracker - http://aud2.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
o16 - dpf: {fa3662c3-b8e8-11d6-a667-0010b556d978} (iwinampactivex class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
o16 - dpf: yahoo! pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
o16 - dpf: {4c39376e-fa9d-4349-bacc-d305c1750ef3} (epuimagecontrol class) - http://tools.ebayimg.com/eps/wl/activex/epuwalcontrol_v1-0-3-9.cab
o16 - dpf: yahoo! gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
o16 - dpf: {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} - http://public.windupdates.com/get_file.php?bt=ie&p=08684070fd49578d9cea50ae6b0acefcfbb84033807f5b0ac7f1263a2a3410a3530bb5d1d0c73631f955208ec57d9cb2ba04b99933536261:5384e68ecedbe601989f3130ba048162
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
o16 - dpf: {d719897a-b07a-4c0c-aea9-9b663a28dfcb} (itunesdetector class) - http://ax.phobos.apple.com.edgesuite.net/detection/itdetector.cab


Also do an online analysis of the log HERE