HijackThis Log

Discussion in 'adware, spyware & hijack cleaning' started by konin, Mar 4, 2004.

Thread Status:
Not open for further replies.
  1. konin

    konin Guest

    Alright everyone, how are ya all? I'm doing alright, but I seem to be having some problems with my homepage. I had previously had it hijacked and I posted my log and was helped by someone greatly, and I thought it was fixed, and it worked for a couple of days, but now my homepage is being hijacked again. So here is my HijackThis log; if I could get someone to look it over and tell me what to fix, that would be great. I haven't done anything else yet besides scan it; I haven't run CWShredder or anything. If someone could help me out so we could fix this thing for good, that would be much appreciated.
    Logfile of HijackThis v1.97.5
    Scan saved at 3:45:22 PM, on 3/4/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\AIM\aim.exe
    C:\WINNT\System32\olehelp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\home\Desktop\Jeff's Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bizonio.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bizonio.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bizonio.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bizonio.com/index.htm
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\StopzillaBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1424.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\image.dll,Install
    O4 - HKLM\..\Run: [SSL] C:\WINNT\svchost.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [olehelp] C:\WINNT\System32\olehelp.exe
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\image.dll,Install
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Oh, another thing that might help is that I want my homepage set at MSN, but it keeps going to this bizonio page or whatever it is. Thanks again, hope to hear back from ya.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi konin,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bizonio.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bizonio.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bizonio.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bizonio.com/index.htm

    O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

    O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\image.dll,Install
    O4 - HKLM\..\Run: [SSL] C:\WINNT\svchost.exe

    O4 - HKCU\..\Run: [olehelp] C:\WINNT\System32\olehelp.exe
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\image.dll,Install

    Then download, unzip and run: http://www.computercops.biz/zx/phoenix22/cws.zip
    Use the Fix button and follow the instructions provided by the program.
    Do not use an old version, download the new one.

    Then reboot and delete:
    C:\WINNT\svchost.exe <= NOTE, the one in that directory. Do NOT try to delete C:\WINNT\system32\svchost.exe

    Regards,

    Pieter
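
The reply's caveat about `C:\WINNT\svchost.exe` versus `C:\WINNT\system32\svchost.exe` can be turned into a log check. This is an added example, not part of the original thread or of HijackThis: it flags O4 autorun entries whose file name belongs to a system32 binary but whose path is somewhere else. The function name, the `SYSTEM32_ONLY` list and the default system directory are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: O4 autorun lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\image.dll,Install
O4 - HKLM\..\Run: [SSL] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [olehelp] C:\WINNT\System32\olehelp.exe
"""

# Assumption: a short, non-exhaustive list of binaries expected only in system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

# "O4 - <hive>: [<entry name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First fully qualified .exe/.dll path in the command line (quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def misplaced_system_binaries(log_text, system_dir=r"C:\WINNT\system32"):
    """Return (entry name, path) for autoruns reusing a system32 file name elsewhere."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun line
        p = PATH_RE.search(m.group("cmd"))
        if not p:
            continue  # bare file name with no directory; nothing to compare
        path = p.group(0)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # Windows paths are case-insensitive, so compare in lower case.
        if name in SYSTEM32_ONLY and folder != system_dir.lower():
            findings.append((m.group("name"), path))
    return findings


if __name__ == "__main__":
    for entry, path in misplaced_system_binaries(SAMPLE_LOG):
        print(f"suspicious autorun [{entry}]: {path}")
```

A hit only says the path is unusual for that file name; the file itself still has to be inspected before it is removed.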
     