Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log - Hops (please help!)


  • This topic is locked This topic is locked
1 reply to this topic

#1 hops

hops

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 07 October 2004 - 04:08 PM

Hi,

I posted my Hijack this log the other day, but I was using HJT from the desk top. I have corrected that, and used CWShredder. I have had very large problems with Spyware, which I believe stemmed form the Spybot Virus. I am also currently using AdAware and Sybot Search and Destroy. Included is my new HJT log.

Any help is greatly appreciated.

thanks,
Hops

Logfile of HijackThis v1.98.2
Scan saved at 2:08:01 PM, on 10/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\netclnt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\System32\WinSound1.exe
C:\WINNT\System32\winserv.exe
C:\WINNT\System32\wuamgrd.exe
C:\WINNT\System32\cmpbk324.exe
C:\WINNT\System32\ccTrust5.exe
C:\WINNT\System32\xolpagnt.exe
C:\WINNT\System32\zipec6.exe
C:\WINNT\System32\winserv.exe
C:\Documents and Settings\Administrator\Application Data\v?fifo.exe
C:\WINNT\System32\l?gonui.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\NTreg.exe
c:\netstar.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iinstall.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINNT\System32\toyzul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\jyfvt.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Windows System Serivce] winserv.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [NbKBvxo12.exe] C:\documents and settings\administrator\local settings\temp\NbKBvxo12.exe
O4 - HKLM\..\Run: [a2pZEEw4.exe] C:\documents and settings\administrator\local settings\temp\a2pZEEw4.exe
O4 - HKLM\..\Run: [bb51ecd7fc58] C:\WINNT\System32\cmpbk324.exe
O4 - HKLM\..\Run: [21d3354f1008] C:\WINNT\System32\ccTrust5.exe
O4 - HKLM\..\Run: [URo.exe] C:\documents and settings\administrator\local settings\temp\URo.exe
O4 - HKLM\..\Run: [R81Q.exe] C:\documents and settings\administrator\local settings\temp\R81Q.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [UCkrGI.exe] C:\documents and settings\administrator\local settings\temp\UCkrGI.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] C:\Program Files\WhenUSearch\whse.exe
O4 - HKLM\..\Run: [wFmg32U] xolpagnt.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Sys29] c:\winnt\system32\winbjs32.exe
O4 - HKLM\..\Run: [nzwuymznngxw] C:\WINNT\System32\toyzul.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [Windows System Serivce] winserv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] xvshost.exe
O4 - HKCU\..\Run: [Windows System Resource Service] srss.exe
O4 - HKCU\..\Run: [ho5mRSY8U] zipec6.exe
O4 - HKCU\..\Run: [Windows System Serivce] winserv.exe
O4 - HKCU\..\Run: [Sound System] WinSound1.exe
O4 - HKCU\..\Run: [Arma] C:\Documents and Settings\Administrator\Application Data\v?fifo.exe
O4 - HKCU\..\Run: [Nfgaqvt] C:\WINNT\System32\l?gonui.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:08:19 PM

Posted 07 October 2004 - 05:48 PM

hops

Please don't open a new topic !

You should reply here:
http://www.bleepingcomputer.com/forums/ind...?showtopic=3287

Click the Add Reply button and post your log.

This topic is closed.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users