HijackThis Log Help?

[BuddhaTB]

Can someone help me here with my HijackThis log? My homepage keeps getting changed to a Smart-Security.com associated webpage. Also there seems to be a smart-security ad that covers my desktop completely. Here is my HijackThis log. I would be greatful if someone can help me out. Thanks. If you need more info or a screen shot, let me know.


Logfile of HijackThis v1.97.7
Scan saved at 11:54:39 AM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/c ... /nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potd_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/clas ... ,3,2,20802
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab

[TheCDBurner]

First off, I'm not familar with HijackThis program, but:

Sounds like you've got some spyware; try Spybot Search & Destroy. It'll find ANYTHING.

Linky:
http://security.kolla.de/

[tazdevl]

First off, I'm not familar with HijackThis program, but:

Sounds like you've got some spyware; try Spybot Search & Destroy. It'll find ANYTHING.

Linky:
http://security.kolla.de/

HijackThis is a log program that takes a snapshot of your system. Very helpful when trying to identify where your system is compromised or may be infected.

Actually SnD won't, though a combination of SnD, Adware and SpySweeper do a fairly good job.

Try posting your log at these foruns.

http://www.wilderssecurity.com/index.php?

http://www.dslreports.com/forums/all

I'd also recommend getting something like Spywareblaster or SpySweeper and a better AV to keep this from happening in the future. Your AV is pretty old and these days it's a good idea to have something that relies on more than just signatures, like heuristics. My recommendation would be Kaspersky Personal 5.0, which does a solid job against viruses, worms, trojans and offers an extended signature DB which helps combat pornware, adware and other forms of riskware.

30 day free trial www.kaspersky.com Update released today, so install the trial version, then the update.

[BuddhaTB]

2 Days and no one has helped me yet on either forum.

I'm getting pretty desperate here to fix the stupid problem.

[georgeg]

Can someone help me here with my HijackThis log?

The best place I've seen for online help with Hijack This logs is on the TechSupport Guys forums on http://www.helponthe.net/

Give them a try.

[BuddhaTB]

Finally found the solution to my problem by reading some other posts in the TechSupport Guys Forum.
http://forums.techguy.org/t242795.html
http://forums.techguy.org/t242377.html


Thank You georgeg for the suggestion!

[UALOneKPlus]

wow, sorry I didn't read this in time to help you BuddhaTB.

For the future, friends of mine highly recommend Adaware, Spybot Search and Destroy, and admuncher (paid version).

If you need more help, just let me know!

[BuddhaTB]

I use ad-aware, spybot S&D, spywareblaster on a daily basis now.

SpywareBlaster is one hell of a program and everyone should use it.