 |  |  |  |  |  |  |  |
HJT log - 3/15/2005
 |
My system is acting like it is under the control of spyware. It stops the execution of Avast! I have Ad-Aware and Spybot up to date. AVG7 is also up to date.
I am pasting my HJT log.
Thanks for your assistance.
Frank
====
Logfile of HijackThis v1.99.1
Scan saved at 3:39:12 PM, on 3/15/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\SPOOL32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
C:\WIN98\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\MIXER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
D:\PROGRAM FILES\PALM\HOTSYNC.EXE
D:\PROGRAM FILES\REDSTRIKE\ULTRAWIPE\LAUNCHER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
D:\PROGRAM FILES\CRIMSON EDITOR\CEDT.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
D:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WIN98\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N1 - Netscape 4: user_pref("browser.startup.homepage", "about:blank"); (C:\Program Files\Netscape\Users\frank1\prefs.js)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\FDCATCH.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WIN98\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [FUIClearHis] D:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 1 2 3 4 6 7 8 9 10 11 12 13 14 16 17
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Ultra Wipe Launcher.lnk = D:\PROGRA~1\REDSTR~1\ULTRAW~1\LAUNCHER.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WIN98\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WIN98\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WIN98\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WIN98\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WIN98\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WIN98\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WIN98\Web\imglist.htm
O8 - Extra context menu item: Download with &FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WIN98\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify148.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.nevadadot.com/ACGM/Acgm.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.73.236.3,64.122.22.130
I am pasting my HJT log.
Thanks for your assistance.
Frank
====
Logfile of HijackThis v1.99.1
Scan saved at 3:39:12 PM, on 3/15/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\SPOOL32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
C:\WIN98\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\MIXER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
D:\PROGRAM FILES\PALM\HOTSYNC.EXE
D:\PROGRAM FILES\REDSTRIKE\ULTRAWIPE\LAUNCHER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
D:\PROGRAM FILES\CRIMSON EDITOR\CEDT.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
D:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WIN98\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N1 - Netscape 4: user_pref("browser.startup.homepage", "about:blank"); (C:\Program Files\Netscape\Users\frank1\prefs.js)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\FDCATCH.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WIN98\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [FUIClearHis] D:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 1 2 3 4 6 7 8 9 10 11 12 13 14 16 17
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Ultra Wipe Launcher.lnk = D:\PROGRA~1\REDSTR~1\ULTRAW~1\LAUNCHER.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WIN98\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WIN98\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WIN98\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WIN98\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WIN98\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WIN98\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WIN98\Web\imglist.htm
O8 - Extra context menu item: Download with &FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WIN98\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify148.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.nevadadot.com/ACGM/Acgm.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.73.236.3,64.122.22.130
You have some things to fix there, but before you do you should put HijackThis into it's own folder. To do this, right-click on your desktop, select New, Folder; give the new folder a name (like HJT or Hijackthis); after you've named it, drag the hijackthis.exe icon on your desktop into this new folder.
Then, close all browser windows, scan with HJT, and post a new log.
Then, close all browser windows, scan with HJT, and post a new log.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Here is the new log you requested. Thanks for your help.
====
Logfile of HijackThis v1.99.1
Scan saved at 8:44:39 PM, on 3/16/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
C:\WIN98\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\MIXER.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
D:\PROGRAM FILES\PALM\HOTSYNC.EXE
D:\PROGRAM FILES\REDSTRIKE\ULTRAWIPE\LAUNCHER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
C:\WIN98\DESKTOP\HJT 1.99\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N1 - Netscape 4: user_pref("browser.startup.homepage", "about:blank"); (C:\Program Files\Netscape\Users\frank1\prefs.js)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\FDCATCH.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [KeyStone Version Control] d:\Program Files\Keystone Learning\MeasureUp\cdtpUpdater.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WIN98\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [FUIClearHis] D:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 1 2 3 4 6 7 8 9 10 11 12 13 14 16 17
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Ultra Wipe Launcher.lnk = D:\PROGRA~1\REDSTR~1\ULTRAW~1\LAUNCHER.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WIN98\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WIN98\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WIN98\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WIN98\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WIN98\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WIN98\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WIN98\Web\imglist.htm
O8 - Extra context menu item: Download with &FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WIN98\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify148.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.nevadadot.com/ACGM/Acgm.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.73.236.3,64.122.22.130
====
Logfile of HijackThis v1.99.1
Scan saved at 8:44:39 PM, on 3/16/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
C:\WIN98\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\MIXER.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
D:\PROGRAM FILES\PALM\HOTSYNC.EXE
D:\PROGRAM FILES\REDSTRIKE\ULTRAWIPE\LAUNCHER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
C:\WIN98\DESKTOP\HJT 1.99\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N1 - Netscape 4: user_pref("browser.startup.homepage", "about:blank"); (C:\Program Files\Netscape\Users\frank1\prefs.js)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\FDCATCH.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WIN98\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [KeyStone Version Control] d:\Program Files\Keystone Learning\MeasureUp\cdtpUpdater.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WIN98\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKLM\..\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [FUIClearHis] D:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 1 2 3 4 6 7 8 9 10 11 12 13 14 16 17
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Ultra Wipe Launcher.lnk = D:\PROGRA~1\REDSTR~1\ULTRAW~1\LAUNCHER.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WIN98\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WIN98\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WIN98\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WIN98\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WIN98\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WIN98\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WIN98\Web\imglist.htm
O8 - Extra context menu item: Download with &FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O8 - Extra context menu item: Download &All by FD - D:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WIN98\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify148.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.nevadadot.com/ACGM/Acgm.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.73.236.3,64.122.22.130
Sorry for the delay in responding to this.
Avast and AVG are two seperate antivirus programs (as far as I know); having both on your system may cause the problem you described. You should choose the one you prefer and uninstall the other.
Fresh Devices information:
Low threat - Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed. You should examine their EULA, terms of service agreement, or privacy policy; if you like the program... keep it.
You can find some info on Netzip (this entry in your HJT log: O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL) at this site:
http://www.grc.com/downloaders.htm
Scan with hijackthis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
Be sure to close all windows other than HJT before hitting the Fix button.
Of the O8 entries, did you set up any of these yourself? Also the O16 entries, are these sites you visit?
Avast and AVG are two seperate antivirus programs (as far as I know); having both on your system may cause the problem you described. You should choose the one you prefer and uninstall the other.
Fresh Devices information:
Low threat - Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed. You should examine their EULA, terms of service agreement, or privacy policy; if you like the program... keep it.
You can find some info on Netzip (this entry in your HJT log: O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WIN98\SYSTEM\NZDD0.DLL) at this site:
http://www.grc.com/downloaders.htm
Scan with hijackthis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O2 - BHO: (no name) - {AB77A7BF-8C5B-486A-B547-F9AD2B41A904} - (no file)
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
Be sure to close all windows other than HJT before hitting the Fix button.
Of the O8 entries, did you set up any of these yourself? Also the O16 entries, are these sites you visit?
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
|
Similar Threads
- hjt log (Viruses, Spyware and other Nasties)
- Please Check this HJT Log!!! (Viruses, Spyware and other Nasties)
- Pls help with this HJT log (Viruses, Spyware and other Nasties)
- Need help wit Winpup32,hjt log included. (Viruses, Spyware and other Nasties)
- friends problem, HJT log (Viruses, Spyware and other Nasties)
- HJT log help pls (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Hotoffers.info Won't Go Away!!
- Next Thread: computer identification
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war windows worm yahoo zeroday
