Hijack this Log




Posted by: daddy_ray

I need someone to confirm that I have a clean PC. I believe I do, but a little confirmation would be nice. Obviously, I have a lot of stuff running: Ask Jeeves, MSN, Google, CNET, Norton toolbars. I have a Netscape, Mozilla, and IE browser. Any assistance would be greatly appreciated. Thanks, Ray

Logfile of HijackThis v1.98.2
Scan saved at 06:40:08 PM, on 1/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://minisearch.startnow.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-deleon.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
O3 - Toolbar: CNET SearchBar - {862fb893-b24b-4fad-80d3-a1158eb34db4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNETSEARCHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\SYSTEM\ASKBARAB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\SYSTEM\ASKBARAB.DLL/cmd-search-selection
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\SYSTEM\ASKBARAB.DLL/cmd-search-selection-word
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\TURBO MEMORY CHARGER\TURBOMEMORYCHARGER (file missing)
O9 - Extra 'Tools' menuitem: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\PROGRAM FILES\TURBO MEMORY CHARGER\TURBOMEMORYCHARGER (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - [url]http://www.webshots.com/samplers/WSDownloader.ocx[/url]
O16 - DPF: {862FB893-B24B-4FAD-80D3-A1158EB34DB4} (CNET SearchBar) - [url]http://www.search.com/cnetsearchbar.cab[/url]
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - [url]http://www.live365.com/players/play365.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab[/url]
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - [url]http://sp.ask.com/docs/toolbar/download/askbar-inst.cab[/url]



Posted by: MicroBell

Run HijackThis and fix the following entries:

[b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://minisearch.startnow.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [url]http://minisearch.startnow.com[/url][/b]

minisearch is a search page hijack. Other than that, you're mostly clean; however, I would recommend you remove all the toolbars. Please note the following about toolbars and your ISP carrier.

[color=blue][b]**Note** ToolBars…[/b]

While these are useful, you must be made aware that many contain adware/spyware and monitor your browsing habits, collecting them and reporting them back to the toolbar sites for 3rd party advertising and tracking purposes, etc. Many say they are not spyware, but they are. I would recommend you remove them or at the very least [b]READ[/b] their privacy policies very carefully. The following violate their own privacy policies in the way the toolbar collects data and sends it back to their site. I’m only listing the main ones as there are too many to list.

[b]MSN ToolBar
Yahoo ToolBar
Ebay ToolBar
Aim/AOL ToolBar
Myway ToolBar[/b][/color]

=========================================

[color=navy][b]BroadJump[/b] - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I would ask your ISP how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use [b]SBC[/b] as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that doesn't embed this spyware in their program. You will most likely also have [b]Support.com[/b] installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself.[/color]
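
Added example (not part of MicroBell's reply and not HijackThis's own code): the Python below parses the `Xn - ...` entry lines of a log like the one posted above and lists the R-section registry values whose URL points outside a set of domains the reviewer expects. The `EXPECTED_DOMAINS` list and all function names are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://minisearch.startnow.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# Assumption: domains the reviewer expects on this machine (hypothetical list).
EXPECTED_DOMAINS = {"yahoo.com", "microsoft.com", "msn.com"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BBCODE_RE = re.compile(r"\[/?url\]")  # forum markup wrapped around URLs

def parse_entries(log_text):
    """Yield (section_code, body) for each 'Xn - ...' line, minus forum [url] tags."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["code"], BBCODE_RE.sub("", m["body"])

def redirect_host(body):
    """Return the host an R-section value points to, or None if it is not a URL."""
    _, _, value = body.partition(" = ")
    value = value.strip()
    if not value.lower().startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname

def unexpected_redirects(log_text, expected=EXPECTED_DOMAINS):
    """List (registry value, host) for R-section URLs outside the expected domains."""
    findings = []
    for code, body in parse_entries(log_text):
        if not code.startswith("R"):
            continue  # only the IE start/search page sections are checked here
        host = redirect_host(body)
        if host and not any(host == d or host.endswith("." + d) for d in expected):
            findings.append((body.partition(" = ")[0], host))
    return findings

if __name__ == "__main__":
    for value_name, host in unexpected_redirects(SAMPLE_LOG):
        print(f"review: {value_name} -> {host}")
```
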



Posted by: southernlady

Closing this thread due to lack of activity. Liz