Help me with Hijack log please. (computer #2)

Discussion in 'adware, spyware & hijack cleaning' started by fzl20, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. fzl20

    fzl20 Registered Member

    May 23, 2004
    Logfile of HijackThis v1.97.7
    Scan saved at 9:00:36 PM, on 6/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Queen\My Documents\download\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\414n8hwrjz.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [regsvc32] C:\WINDOWS\system32\regsvc32.exe
    O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\system32\regsvc32.exe
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - HKCU\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
    O4 - Global Startup: winlogin.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero3000\MPURLGET.HTM
    O8 - Extra context menu item: SaveHeroplayer Online - C:\HEROSOFT\Hero Super Player\MPURLGET.HTM
    O9 - Extra button: Short Message (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: hero player (HKLM)
    O9 - Extra 'Tools' menuitem: hero player (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

    I have posted my log before and I still haven't received any response. I apprecaite your help.
  2. snapdragin

    snapdragin Administrator

    Feb 16, 2002
    Southern Ont., Canada
    Re: Help me with Hijack log please.

    Hi fzl20,

    I'm confused now what computer you are referring two. You did receive help in this thread:

    But it looks like you were posting separate threads for different computers and not specifying which thread belonged to which computer. That makes it terribily confusing for those that will help you and causes time wasted on trying to hunt down and merge duplicated threads for the same computer with the same infection.

    Please stay in one thread for one computer. If you are posting for an entirely different computer, then please specify that in the title of the thread, for example, "this is computer #2". If you help us, we can help you.

    Now, is this log you posted related to the computer and the same infection as the one in the above link? If yes, then I will merge this one to that thread. Please let me know. :)


  3. fzl20

    fzl20 Registered Member

    May 23, 2004
    Re: Help me with Hijack log please.

    I separated the threads for my two computers but Pieter combined it. Anyway, Computer# 1 is fixed. Computer#2 is the one that I have trouble fixing, as per your instructions. The thread I posted here is for Computer#2. I hope this clears it up for you. I am very sorry about the confusion. Please let me know what to do. I have trouble fixing this one. Thanks.
Thread Status:
Not open for further replies.