-
August 1st, 2005, 03:08 AM
#1
Senior Member
hijackthis
guys help me with this.....
Logfile of HijackThis v1.98.2
Scan saved at 10:06:15 AM, on 8/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE
C:\WINDOWS\SYSTEM\FGCGF27D.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chikka.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skyinet.net:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\SYSTEM32\IASADA.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [00saskda] "C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE" saskda
O4 - HKLM\..\Run: [fgcgf27d] C:\WINDOWS\SYSTEM\fgcgf27d.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qdal] C:\WINDOWS\qdal.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.78.97.2,202.78.97.41
-
August 1st, 2005, 03:47 AM
#2
Hey Hey,
Looks like your PC is pretty messy.
04 - HKLM\..\Run: [00saskda] "C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE" saskda
O4 - HKLM\..\Run: [fgcgf27d] C:\WINDOWS\SYSTEM\fgcgf27d.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [qdal] C:\WINDOWS\qdal.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Those can all go.
Been a while since I've seen the processes on Win98 but some of them can definately go.. others are questionable.
C:\WINDOWS\SYSTEM\KERNEL32.DLL <-- a DLL is a running process?
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE
C:\WINDOWS\SYSTEM\FGCGF27D.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE
Most of those can go...
Have you ran AdAware (I see it was open)... or Spybot.. or AntiSpyware? I'd boot into safe mode and run all three of them
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chikka.com/
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\SYSTEM32\IASADA.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
Those can all be removed
Assuming that skyinet is your internet then the others are fine...
Peace,
HT
-
August 1st, 2005, 04:11 AM
#3
Senior Member
thanks.....
my pc is kind a mess and the file sharing for windows is gone......
where registry can i go to restore the file sharing??
POST PLS. thanks
-
August 1st, 2005, 02:43 PM
#4
Actually you can go to network settings under control panel and add network component. "File and Print Services"
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|