Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help, many problems


  • Please log in to reply
1 reply to this topic

#1 barbaric56

barbaric56

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 24 December 2004 - 07:54 PM

My computer is going crazy. There are lots of pop ups that spybot will not get rid of, my homepage always is about.blank. Please help, here is my hijack this log.

Logfile of HijackThis v1.99.0
Scan saved at 7:54:47 PM, on 12/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\documents and settings\barbara hagy\local settings\temp\MnnP1z.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\barbara hagy\local settings\temp\uW3h.exe
C:\documents and settings\barbara hagy\local settings\temp\mboRmq.exe
C:\documents and settings\barbara hagy\local settings\temp\NPIv.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\d?dplay.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\windows\1WIR.exe
C:\Documents and Settings\Barbara Hagy\Application Data\rrup.exe
C:\WINDOWS\System32\wuauclt.exe
C:\TOSHIBA\Ivp\netint\netint.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\uzkc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Barbara Hagy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5064F492-1CD8-497B-A70C-3C8CE613770A} - C:\WINDOWS\System32\lcloa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll (file missing)
O2 - BHO: (no name) - {A3DFDA85-1D92-4E28-8C0C-522574ACDC8A} - C:\WINDOWS\System32\msacrohlp.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\u27xo.dll
O2 - BHO: (no name) - {BA0D726E-B9AA-B621-8E8D-E6ABAD7805C5} - C:\WINDOWS\System32\osgye.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Barbara Hagy\Local Settings\Temp\Zd8.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MnnP1z] C:\documents and settings\barbara hagy\local settings\temp\MnnP1z.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [uW3h] C:\documents and settings\barbara hagy\local settings\temp\uW3h.exe
O4 - HKLM\..\Run: [mboRmq] C:\documents and settings\barbara hagy\local settings\temp\mboRmq.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NPIv] C:\documents and settings\barbara hagy\local settings\temp\NPIv.exe
O4 - HKLM\..\Run: [1WIR] c:\windows\1WIR.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [p4xr2y.exe] C:\WINDOWS\System32\p4xr2y.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [Rmhdfk] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Osus] C:\Documents and Settings\Barbara Hagy\Application Data\rrup.exe
O4 - HKCU\..\RunOnce: [p4xr2y.exe] C:\WINDOWS\System32\p4xr2y.exe /k
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstallerRaptor.cab
O18 - Filter: text/html - {9C0152CD-B8ED-4FC7-8E49-C6AE7EF2B438} - C:\WINDOWS\System32\lcloa.dll
O18 - Filter: text/plain - {9C0152CD-B8ED-4FC7-8E49-C6AE7EF2B438} - C:\WINDOWS\System32\lcloa.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:09:31 AM

Posted 24 December 2004 - 11:13 PM

Are you using these other programs?
aČ free-a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.
Ad-Aware-A good program similar to SpyBot S & D.
SpywareBlaster-A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard-A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

Post your log in the HJT forum, here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users