HijackThis Help

posted on Sep, 24 2004 @ 04:05 PM
Ok, I don't know where I could have fit this particular thread, so I put it in here.

Has anyone ever downloaded a program called HijackThis? HijackThis is a program that lets you scan and delete stuff you don't want (hijacked toolbars, ad-aware etc etc).

Does anyone have any knowledge about this program? Because when I scan I do not know what to delete; if I delete something I need, it will corrupt the motherboard.

I will show you my logfile:

"Logfile of HijackThis v1.98.2
Scan saved at 21:34:53, on 24/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com...[SUB_PRD]&clcid=[SUB_CLSID]&pver=[SUB_PVER]&ar=home
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O3 - Toolbar: Norton AntiVirus - [42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - [62999427-33FC-4baf-9C9C-BCE6BD127F08] - (no file)
O3 - Toolbar: &Google - [2318C2B1-4965-11d4-9B18-009027A5CD4F] - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ukyujo] C:\WINDOWS\System32\xyohkz.exe
O4 - HKLM\..\Run: [Does vc] C:\PROGRA~1\BIASLO~1\Hold Book.exe
O4 - HKLM\..\Run: [data bits dart cash] C:\Documents and Settings\All Users\Application Data\MOVE IDLE DATA BITS\Rdr phone.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - [08B0E5C0-4FCB-11CF-AAA5-00401C608501] - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - [08B0E5C0-4FCB-11CF-AAA5-00401C608501] - (no file)
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe"



Thanks for your help.

[edit on 24-9-2004 by Minime]



posted on Sep, 24 2004 @ 04:30 PM
I don't know if this helps, but you could probably get rid of all that extra stuff, just don't delete anything that sounds important, like the first one that looks like your homepage. When I scanned I deleted, you just have to read it and see where it goes,

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

and the other message ones



posted on Sep, 24 2004 @ 05:49 PM
These entries would concern me a bit. I don't recognize them, and they might be some randomly named worm files:

  • O4 - HKLM\..\Run: [ukyujo] C:\WINDOWS\System32\xyohkz.exe
  • O4 - HKLM\..\Run: [Does vc] C:\PROGRA~1\BIASLO~1\Hold Book.exe
  • O4 - HKLM\..\Run: [data bits dart cash] C:\Documents and Settings\All Users\Application Data\MOVE IDLE DATA BITS\Rdr phone.exe

Someone else might know what they are and post, but a quick web search didn't get me any hits. Check the system out with antivirus/spyware tools. Might be a good idea to do an online virus scan (in case something has messed with your Symantec scanner). Good luck!


Trend Housecall
Panda Scanner



posted on Sep, 24 2004 @ 05:58 PM
There is one thing that catches my eye...wsaupdater.exe. You can't just delete it from HijackThis cuz it appended itself to the userinit.exe. Here are directions to remove it safely. It may be a solution to a different problem, but it still says how to remove it. Also, you have a toolbar with no name...but doing a check on the GUID says that it's The DAP Toolbar...am I right?
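The UserInit check described in the post above, as an added example that is not part of the original thread: it parses HijackThis log lines, reports any program chained onto the F2 UserInit value besides userinit.exe, and lists entries whose file HijackThis marked as absent. The function names and the expected path (a default C:\WINDOWS install) are assumptions; the sample lines are taken from the log posted in this thread.

```python
import ntpath
import re

# Sample input: five lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O3 - Toolbar: (no name) - [62999427-33FC-4baf-9C9C-BCE6BD127F08] - (no file)
O3 - Toolbar: &Google - [2318C2B1-4965-11d4-9B18-009027A5CD4F] - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, so the only program
# expected in the Winlogon UserInit value is system32\userinit.exe.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# A HijackThis entry starts with a section code such as R0, F2, O4 or O16.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Yield (section_code, rest_of_line) for every entry line in the log."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def extra_userinit_programs(text):
    """Return programs listed in the F2 UserInit value besides userinit.exe."""
    extras = []
    for code, rest in parse_log(text):
        pos = rest.lower().find("userinit=")
        if code != "F2" or pos < 0:
            continue
        value = rest[pos + len("userinit="):]
        # The value is a comma-separated list; a trailing comma is normal.
        for prog in value.split(","):
            prog = prog.strip().strip('"')
            # normcase lowercases the path, so WINDOWS and Windows compare equal.
            if prog and ntpath.normcase(prog) != EXPECTED_USERINIT:
                extras.append(prog)
    return extras


def orphaned_entries(text):
    """Return entries whose target file HijackThis reported as absent."""
    return [(code, rest) for code, rest in parse_log(text)
            if rest.endswith(("(no file)", "(file missing)"))]
```

Every program in the UserInit value is started at logon, which is why an extra entry there needs the registry value itself restored rather than just a file deleted.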



posted on Sep, 24 2004 @ 07:06 PM
If you are afraid of worms and trojans and such, you should download Bazooka spyware scanner, and I recommend getting Antivir; it helps. It helped me. Or if you want to delete something from it, just click "Info on selected item".



