hijack this!

Status
Not open for further replies.

vandit

In the zone
my hijack this file is as given below,...........am I infected by a virus or something??how to know....bcause my comp has been behaving strangely from past few days...
Logfile of HijackThis v1.97.7
Scan saved at 11:57:39 PM, on 07-Jul-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\POWERS.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
E:\PROGRAMS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *in.rediff.com/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *in.rediff.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *in.rediff.com/index.html
R3 - URLSearchHook: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRAM FILES\REDIFF TOOLBAR\REDIFFTOOLBAR.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5F48C39E-5581-4701-9A76-96A6E25E5BCC} - C:\PROGRA~1\SURFGH~1\SGENGINE.DLL
O2 - BHO: (no name) - {4A41E0D2-D514-4ca6-A494-7EB8420A865F} - C:\PROGRA~1\REDIFF~2\REDIFF~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: & SurfGhost - {0A4DC360-26A5-4FC1-8FB2-ADD00738A99B} - C:\PROGRA~1\SURFGH~1\SURFGH~1.DLL
O3 - Toolbar: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRAM FILES\REDIFF TOOLBAR\REDIFFTOOLBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Samsung Internet Keyboard.lnk = C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - *bar.mywebsearch.com/menusearch.html?p=ZNfox000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Rediff Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: Rediff Toolbar (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - *download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - *www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 

anandk

Distinguished Member
infected with mywebsearch toolbar, which some consider bundled spyware. shud u wish to remove it, go to Start->Settings->Control Panel and double click on Add/Remove Programs. Then find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it.
also check this *www.securemost.com/articles/rm_wywebsearch.htm
otherwise seems ok :)
 
OP
vandit

vandit

In the zone
My web search toolbar???? there is no such option in add\remove....moreover spybot-search and dest. also doesn't detect any such prob.
 

shoegoe

Broken In
vandit said:
my hijack this file is as given below,...........am I infected by a virus or something??how to know....bcause my comp has been behaving strangely from past few days...

What kinda unusual?....
 

anandk

Distinguished Member
fix these entries from ur hijackthis logfile :

O8 - Extra context menu item: &Search - *bar.mywebsearch.com/menusearch.html?p=ZNfox000

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - *www.ysbweb.com/ist/softwares/...sb_1002535.cab

schedule a boottime scan of spybot; else try spyware doctor or adaware to remove it. more info *www.pchell.com/support/mywebsearch.shtml
 
Status
Not open for further replies.
Top Bottom