MY HJT log.

Question

Will someone please take a look at this for suspicious items? I am trying to get rid of an ezula that keeps loading. Thanks! Logfile of HijackThis v1.97.7 Scan saved at 10:38:59 AM, on 10/25/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\NavNT tvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\PROGRA~1\NavNT\vptray.exe C:\Program Files\Common Files\Real\Update_OB ealsched.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\WINDOWS\System32\hphmon04.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\NoPops\NoPops.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Support.com\bin gcmd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\Paul\Application Data\oasc.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Palm\HOTSYNC.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Trillian rillian.exe C:\WINDOWS\System32\HPZipm12.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\l?gonui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS\System32\wisptis.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG09.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {33FC672B-BD13-76EF-D423-10550DF62910} - C:\WINDOWS\System32\fwm.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] 'C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe' O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe O4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OB ealsched.exe' -osboot O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] 'C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe' O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NoPops] C:\Program Files\NoPops\NoPops.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [tgcmd] 'C:\Program Files\Support.com\bin gcmd.exe' /server /startmonitor /deaf O4 - HKLM\..\Run: [HP Component Manager] 'C:\Program Files\HP\hpcoretech\hpcmpmgr.exe' O4 - HKLM\..\Run: [HP Software Update] 'C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe' O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Aeaa] C:\Documents and Settings\Paul\Application Data\oasc.exe O4 - HKCU\..\Run: [Fbrl] C:\WINDOWS\System32\l?gonui.exe O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\System32\ezPopStub.exe /UninstPOP2 C:\Program Files\Web Offer O4 - Startup: Trillian.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cc20f929261c5866fc5514e828fcb8fc6999e722299069d26f4c79cac0dae6efc9c7c5ee84ce6231d7680129b5ae66ff2168d1ff8a5308fe92dd50eb54c88162:bd8863bd1d4c50f2f5f6bb2aff93338e O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} - http://38.144.58.87/se><><> [I changed this to post] O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.6299537037 O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

pskelley · Answer

Hello Pauleon, Welcome to Dell forum. The header from your log looks like this:

Logfile of HijackThis v1.97.7
Scan saved at 10:38:59 AM, on 10/25/2004
Platform: Windows XP (WinNT 5.01.2600) ( No SP10
MSIE: Internet Explorer v6.00 (6.00.2600. 0000)

Your HijackThis.exe is outdated, please update to the current version which is 1.98.2.
Open HJT, choose Confiq > Misc Tools > Check for update online.

You are seriously deficient in that you have no Ser Pack 1 or any of the critical browser updates. Please go to windows updates:
http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us and download and install all critical items suggested by windows for your computer.

Once this is complete, please follow the directions at the next link to download, update, install, configure properly and run both Ad-aware SE (freeware) abd Spybot S&D (freeware)
allowing the programs to remove all of the bad items they locate. Make sure you reboot between the two programs as indicated in the instructions and you need to know this about Spybot: Please note the free Spybot 1.3 does have a slight bug...it detects some DSO exploits falsely. Hopefully an upgrade will fix this.The problem is not serious and should not deter people from using Spybot.

Next run at least two of the following online free scanners allowing them to clean or fix anything they locate. If something can not be cleaned, make a note of what the item is (exact) and where the scan indicates it is located.
http://housecall.trendmicro.com/
http://www.pandasoftware.es/activescan/activescan-com.asp
http://www.bitdefender.com/scan/license.php

When the above instuctions are completed, please post a new log using REPLY to make sure you stay in this thread. Include with the log any feedback about any of the scans you completed and any other information about how the computer is functioning that you think might help.
Remember that you are our eyes, this cleanup will be a team effort and we can not be succesful without your help.

Thanks,,,pskelley
Dell Responder

Message Edited by pskelley on 10-25-2004 11:05 PM

Virus & Spyware

Was this post helpful?