Little help with a HJ log

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by aLLiKZar, May 11, 2004.

  1. aLLiKZar

    aLLiKZar It's not too late to back out!

    Recently my sister gave me her PC to fix. She says
    she has weird net problems. I said she's probably
    hijacked. I ran SpyBot, AdAware, CWShredder,
    and still some issues. Here's the log, any advice
    would be helpful.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:34:25 PM, on 5/10/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=1c99&s=consumer&i=enu
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\SDPH20.DLL
    O2 - BHO: (no name) - {FDCCC460-CF44-11D7-8CE7-0008C78FAC09} - C:\WINDOWS\SYSTEM\MSRAWT.DLL
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\ASHAMPOO\ASHAMP~1\POPUP.DLL
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\WINDOWS\TEMP\WTOOLSB.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRAM FILES\ASHAMPOO\ASHAMPOO WINOPTIMIZER PLATINUM SUITE\PopUpKiller.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Symantec\TalkWorks\WTNSETUP.EXE
    O4 - Startup: Refresh.lnk = C:\WINDOWS\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: Support (HKCU)
    O12 - Plugin for .98: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {16E349E0-702C-11CF-A3A9-00A0C9034920} - http://activex.microsoft.com/activex/controls/iexplorer/x86/iepreld.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38098.5145601852
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} - http://atwnt333.external.hp.com/bus-nacons/caller/SysQuery.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. aLLiKZar

    aLLiKZar It's not too late to back out!

    Busy day here today?
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    aLLiKZar,

    Are you sure you ran fully updated versions of Ad-Aware & SpyBot S&D?

    Clean up the following with HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL/sa
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\WINDOWS\TEMP\WTOOLSB.DLL
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - Startup: PowerReg Scheduler.exe


    Unless you purposely installed the WTools stuff get rid of these two lines also:

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

    Then reboot into Safe Mode and find and delete the following folder

    C:\Program Files\Common files\WinTools


    Note the bxxs5.dll is part of the Bookedspace adware program and may require some work to cleanup. Take a look at these links they could help:
    http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml
    http://www.doxdesk.com/parasite/BookedSpace.html
    http://sarc.com/avcenter/venc/data/adware.bookedspace.html
    http://www.pestpatrol.com/PestInfo/b/bookedspace.asp
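    The triage chaslang does by eye above (blanked or DLL-backed IE search settings, a missing URLSearchHook, a BHO sitting in a temp directory, known adware file names, and the same program registered under both Run and RunServices) can be written down as a small log parser. The script below is an added example for this thread, not part of HijackThis or of any post here; it parses the `Rn - ` / `On - ` entry lines of a HijackThis log and flags the entries using only the indicators named in this thread. The sample log embedded in it is a constructed subset of the log posted above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the log posted in this thread,
# embedded so the script runs offline without a real HijackThis scan.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Platform: Windows 98 Gold (Win9x 4.10.1998)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\SEARCH~1\TOOLBAR.DLL/sa
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\WINDOWS\TEMP\WTOOLSB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "R1 - ..." / "O4 - ..." entry lines; the header and process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Shape of O4 registry autostart entries: "HKLM\..\Run: [name] target"
O4_RE = re.compile(r"^(?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")

# Files and path fragments that the removal list in this thread names (lowercase for matching).
KNOWN_BAD_FILES = ("wtoolsb.dll", "wtoolsa.exe", "bxxs5.dll", "powerreg scheduler.exe")
KNOWN_BAD_FRAGMENTS = (r"\search~1\toolbar.dll",)


@dataclass(frozen=True)
class Entry:
    code: str  # HJT section code, e.g. "R1", "O2", "O4"
    body: str  # text after "Rn - " / "On - "


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def parse_hjt(text):
    """Return the Rn/On entries of a HijackThis log, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Return one Finding per entry that matches an indicator from the thread, in log order."""
    findings = []
    autostart_keys = {}  # lowercased launch target -> set of O4 registry keys it appears under
    for e in entries:
        low = e.body.lower()
        reasons = []
        if e.code in ("R0", "R1") and "=" in e.body:
            value = e.body.split("=", 1)[1].strip()
            if value == "about:blank" or value.lower().startswith("res://"):
                reasons.append("IE search setting blanked or pointed at a local DLL resource")
        if e.code == "R3" and "missing" in low:
            reasons.append("default URLSearchHook removed, typical of a search hijack")
        if any(f in low for f in KNOWN_BAD_FILES) or any(f in low for f in KNOWN_BAD_FRAGMENTS):
            reasons.append("file named in the removal list above")
        if e.code == "O2" and "\\temp\\" in low:
            reasons.append("browser helper object loaded from a temp directory")
        if e.code == "O4":
            m = O4_RE.match(e.body)
            if m:
                autostart_keys.setdefault(m.group("target").lower(), set()).add(m.group("key"))
        if reasons:
            findings.append(Finding(e.code, f"{e.code} - {e.body}", reasons))
    # The same program registered under more than one autostart key (Run and RunServices here).
    for target, keys in autostart_keys.items():
        if len(keys) > 1:
            findings.append(Finding("O4", target, [f"registered under {', '.join(sorted(keys))}"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Running it prints the eight flagged entries plus a ninth finding for WToolsA.exe being registered under both Run and RunServices; the Spybot SDHelper BHO and the Flash O16 entry pass through unflagged. The indicator lists are deliberately limited to what this thread names, so a real log would need them extended.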
     
  4. aLLiKZar

    aLLiKZar It's not too late to back out!

    Hmm I think I can read what the boards say.

    Well Xflat I did read that many times. Seeing that there were many posts for Hijack logs, I figured that there was help there. Sorry for thinking that. Next time I'll make the effort to go to a different forum. Maybe you missed that I ran SpyBot, AdAware, CWShredder, and still was having some issues. I did make sure that they were all updated.


    Anyways, thanks chaslang, I'll give that a try.
     
  5. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hey Allikzar,
    Chill out and stick around. X-flat was just reacting to what seems to be a glut of Hijack logs lately, and unfortunately 99% don't bother reading the F.A.Qs and just jump in with a log file, which should only be used as a last resort.
    And the problem is, because they haven't bothered running Ad-Aware etc., the log files can be very cluttered, which can take us guys a long time to sort out.

    I'm glad to see you drop into the 1% category who have made the effort. I'm sure The X man doesn't need me to speak on his behalf but I thought I would anyway, so stick around and you'll find he's a top man here ;)

    Anyway follow Chaslangs excellent advice and if you still have any problems let us know

    Just to add my 02: after reading through your log I would advise dumping all the lines with this in it, it is in fact spyware
    htt://red.clientapps.yahoo.com/cus...//www.yahoo.com

    and do you know what this is
    O4 - Startup: Refresh.lnk = C:\WINDOWS\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
     
  6. aLLiKZar

    aLLiKZar It's not too late to back out!

    Thanks G-Lee, I kind of figured that his response was due to all the other Hijack logs and spyware questions that have bombarded the board. It just ticked me off because it seemed like he didn't even read my original post and just "assumed" that I have no idea what a computer is.

    But I+I survive, I'll pass all the info to my sister and hopefully we could get this figured out. Not sure what the pptico.exe is. Google comes up with no info on it. Well have to do more research on that.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    General & Allikzar,

    I just assumed pptico.exe was part of this: http://www.uen.org/Lessonplan/preview.cgi?LPid=3307

    Not sure whether that is good or bad. Probably falls into the realm of questionable-ware.
     
  8. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Good spot Chas :cool:
    I couldn't find squat on that so just thought I'd ask, guess Allikzar's sister would know if that's what it is
     
  9. aLLiKZar

    aLLiKZar It's not too late to back out!

    Yea, saw that link and she's not a teacher in any way
    so I think that she does not need that there. All the
    other links were all in Korean, so I couldn't understand it.

    Thanks again G-Lee and Chas
     
