Help with Hijackthis!! LOG

Discussion in 'Computer Support' started by Warren Briggs, Jun 9, 2004.

  1. Can someone please tell me what I should fix on this HijackThis! Log?
    Thanks for all your help.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:03:22 PM, on 6/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\xerox\Pagis\Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\My Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    file:///C:/Toms%20New%20Computer%20Files/bookmark.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} -
    C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no
    file)
    O2 - BHO: MyWebSearch Search Assistant BHO -
    {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
    Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA}
    - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE
    C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ezsrobgv] C:\WINDOWS\ezsrobgv.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program
    Files\Cosmi\HelpExpress\Owner\HXIUL.EXE
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program
    Files\Cosmi\HelpExpress\Owner\Client\HelpExp.exe
    O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Pagis Scheduler.lnk = C:\Program
    Files\xerox\Pagis\Monitor.exe
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZRzfw013
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet
    Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/058f999d768bd3078004/netzip/RdxIE601.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
    http://69.56.176.227/webplugin.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
    - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38103.5306481481
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
    - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D92C4D39-269E-4177-849C-594326F3FDE0}:
    NameServer = 209.193.4.7 209.193.4.8
     
    Warren Briggs, Jun 9, 2004
    #1

  2. Warren Briggs

    Boomer Guest

    (Warren Briggs) wrote:

    > Can someone please tell me what I should fix on this HijackThis!
    > Log? Thanks for all your help.
    >
    > Logfile of HijackThis v1.97.7

    [snip]

    If you don't get a reply shortly you can post this at
    http://www.lavasoftsupport.com/index.php

    HTH
     
    Boomer, Jun 9, 2004
    #2

  3. Warren Briggs

    discogail Guest

    W/ all other browser windows closed.....& only HijackThis running......check
    off:

    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} -
    C:\Program Files\ClearSearch\CSIE.DLL (file missing)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no
    file)
    O2 - BHO: MyWebSearch Search Assistant BHO -
    {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
    Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA}
    - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
    O4 - HKLM\..\Run: [ezsrobgv] C:\WINDOWS\ezsrobgv.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program
    Files\Cosmi\HelpExpress\Owner\HXIUL.EXE
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program
    Files\Cosmi\HelpExpress\Owner\Client\HelpExp.exe
    O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
    Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZRzfw013
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/058f999d768bd3078004/netzip/RdxIE601.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
    http://69.56.176.227/webplugin.cab

    "Fix Checked"...........Reboot to SAFE mode
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Show hidden files and folders-->
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Go to:
    C:\Program Files & delete the ClearSearch folder...the MyWebSearch folder
    C:\WINDOWS & delete emsw.exe...ezsrobgv.exe...... (if found)
    c: & delete the freescan folder
     
    discogail, Jun 9, 2004
    #3
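
An added example, not part of the original thread: a small parser for the HijackThis entry format shown in post #1. It rejoins the hard-wrapped lines and groups entries a reviewer would want to look at first. The function names and the three heuristics (orphaned entries, DPF downloads from a bare IP address, the same Run value in both HKLM and HKCU) are assumptions chosen for illustration, and the results are prompts for manual review, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log in post #1, wraps included.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} -
C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no
file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.227/webplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# An entry starts with a section code such as R3, O2 or O16, then " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Rejoin wrapped lines; return a list of (section_code, body) tuples."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:  # continuation of the previous, wrapped entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Group entries by review heuristic (assumed heuristics, see lead-in)."""
    findings, run_hives = defaultdict(list), defaultdict(set)
    for code, body in entries:
        if re.search(r"\((file missing|no file)\)", body):
            findings["orphaned"].append(body)
        if code == "O16" and re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", body):
            findings["dpf_from_ip"].append(body)
        m = re.match(r"(HK\w+)\\\.\.\\Run: \[(.+?)\]", body)
        if code == "O4" and m:
            run_hives[m.group(2)].add(m.group(1))
    findings["run_in_both_hives"] = sorted(n for n, h in run_hives.items() if len(h) > 1)
    return dict(findings)

if __name__ == "__main__":
    print(triage(parse_entries(SAMPLE_LOG)))
```
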