Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Tried to read my own hijack [CLOSED]


  • This topic is locked This topic is locked

#1
wace9178

wace9178

    Member

  • Member
  • PipPip
  • 98 posts
Good morning. I'm tried to read my wifes hijack. Sorry about the(---xxx) but i didnt know how to underline the bad ones. please let me know how i did. I wont delete anything until i here from you. Some of it was pretty obvious and then again some wasn't.

Thank you very much.

Logfile of HijackThis v1.97.7
Scan saved at 6:30:26 AM, on 5/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\D-LINK\AIR USB UTILITY\AIRCFG.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE
C:\WINUPDAT.EXE
C:\WINDOWS\SYSTEM\WUAUMQR.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\DHBRWSR.EXE
C:\PROGRAM FILES\RRIM\AIM.EXE
C:\WINDOWS\APPLICATION DATA\UWUO.EXE
C:\WINDOWS\SYSTEM\WINTSU.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...yahoo.com---XXX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...arch.html---XXX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...yahoo.com---XXX
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)---XXX
R3 - URLSearchHook: (no name) - HRZR_PGYFRFFVBA - (no file)---XXX
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL---XXX
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)---XXX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\ADROAR.DLL (file missing)---XXX
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL---XXX
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL---XXX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)---XXX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL---XXX
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\ADROAR.DLL (file missing)---XXX
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL---XXX
O4 - HKLM\..\Run: [D-Link Air USB Utility] c:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun---XXX
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [GAFULLV] C:\WINDOWS\SYSTEM\GAFULLV.exe---XXX
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [winupdat] \winupdat.exe
O4 - HKLM\..\Run: [Winsock2 driver] WUAUMQR.EXE
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST---XXX
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe---XXX
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe---XXX
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe---XXX
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe---XXX
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [IM] C:\PROGRAM FILES\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\RRIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Lult] C:\WINDOWS\Application Data\uwuo.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\SYSTEM\wintsu.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [HRZR_PGYFRFFVBA] Ń"---XXX
O4 - HKCU\..\Run: [HRZR_PGYPHNPbhag:pgbe] ---XXX
O4 - HKCU\..\Run: [HRZR_HVGBBYONE] ---XXX
O4 - HKCU\..\Run: [HRZR_HVGBBYONE:0k1,120] ---XXX
O4 - HKCU\..\Run: [HRZR_HVGBBYONE:0k1,121] ---XXX
O4 - HKCU\..\RunOnce: [Winsock2 driver] WUAUMQR.EXE---XXX
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...yinst.cab---XXX
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...IE601.cab---XXX
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...ldApp.cab---XXX
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...raft1.cab---XXX
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.co...r1132031209.EXE
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...v9VCM.CAB---XXX
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net---XXX
  • 0

Advertisements


#2
ditto

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Hey Wace,

It was a good start. However somethings you missed. Also, if you try to do it by yourself remember that you can load backups by going to the configuration tab in HiJack this.

You missed the following entries:
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM\..\Run: [Winsock2 driver] WUAUMQR.EXE
O4 - HKCU\..\Run: [Lult] C:\WINDOWS\Application Data\uwuo.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\SYSTEM\wintsu.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...raft1.cab---XXX
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.co...r1132031209.EXE

Go to add/remove programs and look for Lycos IE Agent and Comet Software and uninstall them.

also, i would run a trojan scan found at www.moosoft.com


If you use Yahoo! Companion and messenger then I dont believe you need to get rid of these entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...yahoo.com---XXX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...arch.html---XXX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...yahoo.com---XXX
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL---XXX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL---XXX


  • 0

#3
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP