Hijacklog

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Gary300

Thread Starter
Joined
Jul 4, 2003
Messages
183
Here is a copy of my Hijacklog, I posted a thread on here about having a Trojan Horse virus. Well, I'm glad to say both virus' are gone, but here is a copy of my hijacklog, can anyone tell me if I have something in there I shouldn't?

Thanks,
Gary
 

Gary300

Thread Starter
Joined
Jul 4, 2003
Messages
183
Logfile of HijackThis v1.97.2
Scan saved at 6:18:54 PM, on 9/21/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\WINDOWS\TEMP\QZTEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\Tuner\bin\motmon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PopUpInspector] C:\PROGRAM FILES\GIANT COMPANY SOFTWARE INC\POPUP INSPECTOR\POPUPINSPECTOR.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Linked Ima&ges - C:\Program Files\IEimage\IEimage.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Stop popups from this web page - C:\PROGRAM FILES\GIANT COMPANY SOFTWARE INC\POPUP INSPECTOR\denysite.htm
O9 - Extra button: Linked Images (HKLM)
O9 - Extra 'Tools' menuitem: Linked Ima&ges (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37879.7596990741
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/07124716c0e15f7def01/netzip/RdxIE601.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab



haha!!! I'm retarded...lol!
 
Joined
Mar 25, 2001
Messages
3,334
Gary, If you want to keep the ewebsearch stuff then leave the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL


That would just leave the following to remove:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/07124716c0e15f...ip/RdxIE601.cab


....close your browser, check the item(s) in HJT, click Fix, then reboot.

:)
 

Triple6

Moderator
Joined
Dec 26, 2002
Messages
52,930
First Name
Rob
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

The first 2 I would uncheck, the next three are optional. The office stuff doesn't need to start at boot. And the MYWEBSEARCH is just another search bar which I personally can live without but if you find handy you can keep it. Other than that it looks ok, we'll see what others suggests.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top