
HJT log - bepullin

2 replies to this topic

#1 bepullin


  • Members
  • 1 posts
  • Local time:02:22 AM

Posted 22 March 2005 - 05:46 PM

have difficulty with the home page and pop ups

Logfile of HijackThis v1.98.2
Scan saved at 3:37:10 PM, on 3/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ybxdm.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F1B51150-D9B4-4CAE-8739-FCA1CC8D224D} - C:\WINDOWS\system32\iebe32.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [appde32.exe] C:\WINDOWS\system32\appde32.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll



#2 Eddo


  • Members
  • 7 posts
  • Local time:04:22 AM

Posted 22 March 2005 - 09:44 PM

For starters you should have both Spybot: Search and Destroy + Ad-Aware on your PC. They are 2 of the best anti-spyware programs available and are currently free.

Also, Spybot has something called 'Teatimer'. It loads when you start up your PC and stays resident in memory.. killing spyware as it downloads. Personally I bought Ad-aware and am running their 'Adwatch' (same idea as tea timer) and have had great results. Last few times I've checked my PCs there has not been a single spyware item on them.

Now.. that's just extra info for now. Those memory resident programs won't do much good since you are already infected. But should definitely be installed AFTER you get rid of whatever is on your PC.

I'd suggest running both spybot and ad-aware and letting us know what they show up. After running them the 1st time.. delete the spyware and reboot. Then run them again and let us know what is still showing up.

Edit: Ah.. I just noticed the above Blue writing. Sorry mods. :thumbsup: You should remove that. I don't disagree that some advice can be destructive to a person's PC... but it's obvious you guys have your hands full and should not block others from helping.

Edited by Eddo, 22 March 2005 - 09:54 PM.

#3 Daisuke


    Cleaner on Duty

  • Members
  • 5,575 posts
  • Gender:Male
  • Location:Romania
  • Local time:02:22 AM

Posted 26 March 2005 - 06:15 AM

@Eddo, if you would like to be able to help with the HJT logs, then please personal message one of the staff members. If not, please refrain from posting to the live logs as it can cause only confusion.

@bepullin, Eddo did you a "favour", bumped your post and made it disappear from the unanswered topics list.
You have a very nasty infection. Please post a fresh HijackThis log if you still have the problem.

Download the latest version of HijackThis!: Download here HJT 1.99.1. Save it on your Desktop. You will now need to unzip hijackthis.exe to a permanent folder, such as c:\hjt. This has to be done as HijackThis creates backups. You may need to use these backups.

First create a new folder:
A. Click My Computer icon on your desktop
B. Click C: drive
C. Click the File menu --> New --> Folder, a folder "New folder" will be created.
D. Rename it HJT

Unzip hijackthis.exe to the c:\HJT folder.

Run HijackThis.exe. Press the Scan button, then Save Log.
Notepad will open.

In Notepad click
Edit menu --> Select All
Edit menu --> Copy

When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Right click in the message area and click on the paste option to paste the log into the post.

Edited by Daisuke, 26 March 2005 - 06:16 AM.

Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?
