hijackthis
Results 1 to 4 of 4

Thread: hijackthis

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    137

    hijackthis

    guys help me with this.....

    Logfile of HijackThis v1.98.2
    Scan saved at 10:06:15 AM, on 8/1/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE
    C:\WINDOWS\SYSTEM\FGCGF27D.EXE
    C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chikka.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skyinet.net:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 66.218.75.184 mail.yahoo.com
    O1 - Hosts: 213.219.251.80 go.com
    O1 - Hosts: 213.219.251.80 www.go.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\SYSTEM32\IASADA.DLL
    O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [00saskda] "C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE" saskda
    O4 - HKLM\..\Run: [fgcgf27d] C:\WINDOWS\SYSTEM\fgcgf27d.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
    O4 - HKLM\..\Run: [qdal] C:\WINDOWS\qdal.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.78.97.2,202.78.97.41

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Looks like your PC is pretty messy.

    04 - HKLM\..\Run: [00saskda] "C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE" saskda
    O4 - HKLM\..\Run: [fgcgf27d] C:\WINDOWS\SYSTEM\fgcgf27d.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
    O4 - HKLM\..\Run: [qdal] C:\WINDOWS\qdal.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

    Those can all go.

    Been a while since I've seen the processes on Win98 but some of them can definately go.. others are questionable.

    C:\WINDOWS\SYSTEM\KERNEL32.DLL <-- a DLL is a running process?
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ACCESS MANAGER\NEWADMIN.EXE
    C:\WINDOWS\SYSTEM\FGCGF27D.EXE
    C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE

    Most of those can go...

    Have you ran AdAware (I see it was open)... or Spybot.. or AntiSpyware? I'd boot into safe mode and run all three of them

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chikka.com/
    O1 - Hosts: 66.218.75.184 mail.yahoo.com
    O1 - Hosts: 213.219.251.80 go.com
    O1 - Hosts: 213.219.251.80 www.go.com
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\SYSTEM32\IASADA.DLL
    O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\SYSTEM\AZESEARCH4.OCX
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

    Those can all be removed


    Assuming that skyinet is your internet then the others are fine...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    137
    thanks.....

    my pc is kind a mess and the file sharing for windows is gone......

    where registry can i go to restore the file sharing??

    POST PLS. thanks

  4. #4
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,247
    Actually you can go to network settings under control panel and add network component. "File and Print Services"
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides