Help with Hijack This! Log fixes

Name: FOXTAIL91
Date: December 28, 2003 at 10:39:29 Pacific
OS: Windows 98 SE
CPU/Ram: Intel Pentium II/160 MB R
Comment:

I downloaded and ran Hijack This! because I have been having issues with Google loading on IE as well as a d.exe icon that appears on my desktop. I ran AVG Virus Scan as well as Adaware, and CWShredder. The d.exe file doesn't show up, and Google is loading properly again. But I wanted help with the Hijack This logfile to see if there was more I could fix.
Here is the log file for Hijack This on my system. Can someone help me in identifying what I should fix? Thanks in advance!
FOXTAIL

Logfile of HijackThis v1.97.7
Scan saved at 10:25:34 AM, on 12/28/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
D:\AVG 6.0 ANTI-VIRUS(FREE ED)\AVGCC32.exe
D:\QUICKEN\QAGENT.exe
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
D:\CLYSMIC\LUNAR ALMANACK\LUNABAR.exe
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.0.exe
F:\PALM\HOTSYNC.exe
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.exe
F:\FINEPIXVIEWER\QUICKDCF.exe
C:\WINDOWS\SYSTEM\MRTMNGR.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
D:\ICQ\ICQ.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\TEMP\HIJACKTHIS.exe
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-dot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-dot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-dot.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT5\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [AVG_CC] D:\AVG6~1.0AN\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QAGENT] D:\QUICKEN\QAGENT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\RunOnce: [ICQ] D:\ICQ\ICQ.exe -trayboot
O4 - Startup: Lunabar Taskbar Icon.lnk = D:\clySmic\Lunar Almanack\Lunabar.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Startup: HotSync Manager.lnk = F:\Palm\HOTSYNC.exe
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: Exif Launcher.lnk = F:\FinePixViewer\QuickDCF.exe
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: SmartWhois (HKLM)
O9 - Extra button: SmartWhois (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .hiv: C:\WINDOWS\DOWNLOADED PROGRAM FILES\nphijkjv.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: BBSetup - http://download.bonzi.com/freebuddy/wd/bbsetup.exe
O16 - DPF: {607DF741-7D0A-11D4-9EDC-005004189684} - http://www.ucmore.com/download/UCmoreIE5x.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexplorer/x86/ielabel.cab
O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://128.167.56.50/tools/WONWebLauncherControl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {BC26D98E-4F8E-11D4-B523-94ED45C04971} (PrintQuickActiveXSetup Class) - http://www.pqvalet.com/plugin/win/ie/printQuick.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37890.4266666667
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://H:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt2_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {EBC448F6-3C86-4689-8F5A-088B87E5C725} (Wonderhorse Listener ActiveX Control 1.2) - http://talkradio.alternacast.net/talkradio/clients/listener/bin/whlisten12.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab




Response Number 1
Name: Abnormal
Date: December 28, 2003 at 15:49:48 Pacific
Reply:

Hi,
First, move Hijack This to a permanent directory like c:\program files\hijack this\hijackthis.exe. This way you can undo any changes if something goes wrong.

Check the boxes next to these lines, click "fix checked" and reboot your system.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-dot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-dot.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-dot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-dot.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-dot.com/search.html

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe

O16 - DPF: BBSetup - http://download.bonzi.com/freebuddy/wd/bbsetup.exe
O16 - DPF: {607DF741-7D0A-11D4-9EDC-005004189684} - http://www.ucmore.com/download/UCmoreIE5x.cab

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
Evil Stop Sign

Those are what I think must go, I may have missed something.

Start your computer in safe mode, navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup, and delete winlogon.exe.

Good luck



abnormal
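
Added example, not part of the original thread: a small triage script that parses HijackThis entry lines, groups the IE R0/R1 values by the host they point to (which makes a pattern like the repeated search-dot.com values stand out), and lists where each O16 DPF object was downloaded from. The function names are hypothetical and the sample input is a handful of lines copied from the log posted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-dot.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-dot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O16 - DPF: BBSetup - http://download.bonzi.com/freebuddy/wd/bbsetup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "R1 - ...", "O16 - ..."
IE_VALUE = re.compile(r"^(HKCU|HKLM)\\(.+?),(.+?) = (.*)$")   # hive\key,value = data

def parse(log):
    """Yield (section, detail) for each entry line, skipping header/process lines."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def ie_redirect_hosts(log):
    """Map host -> set of (hive, value name) for R0/R1 values that hold a URL."""
    hosts = defaultdict(set)
    for section, detail in parse(log):
        m = IE_VALUE.match(detail) if section in ("R0", "R1") else None
        if m and m.group(4).lower().startswith(("http://", "https://")):
            hosts[urlparse(m.group(4)).hostname].add((m.group(1), m.group(3)))
    return hosts

def dpf_sources(log):
    """Return (name_or_clsid, download_host, file_extension) for each O16 entry."""
    out = []
    for section, detail in parse(log):
        if section == "O16" and detail.startswith("DPF: "):
            name, _, url = detail[5:].rpartition(" - ")
            u = urlparse(url)
            out.append((name, u.hostname, u.path.rsplit(".", 1)[-1].lower()))
    return out

if __name__ == "__main__":
    for host, values in ie_redirect_hosts(SAMPLE_LOG).items():
        print(host, sorted(values))
    for name, host, ext in dpf_sources(SAMPLE_LOG):
        print(f"DPF {name!r} from {host} (.{ext})")
```

The script only summarises the log; deciding which entries to fix still needs a person who knows what is installed on the machine.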

