Help with Hijackthis log

  1. #1
    Registered User
    Join Date
    May 2002
    Posts
    11

    Help with Hijackthis log

    An online virus checker found this but did not do anything with them.

    Incident                      Status          Location
    -----------------------------------------------------------------------
    Adware:Adware/MediaTickets    No disinfected  Windows Registry
    Adware:Adware/Coupons         No disinfected  C:\WINDOWS\cpbrkpie.ocx
    Adware:Adware/SuperSpider     No disinfected  Windows Registry
    Adware:Adware/Coupons         No disinfected  C:\WINDOWS\cpbrkpie.ocx

    I think it is some online coupon thing my wife OK'ed so she could print out a coupon. I am not sure how bad this is, but I'd like to get it all out of my system.

    Here is the Hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:35 AM, on 3/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\ResChanger XP\ResChangerXP.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\KeyMaestro\Multimedia Keyboard\MMKeybd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\KeyMaestro\Multimedia Keyboard\MEDIACTR.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\a2\a2guard.exe
    C:\PROGRA~1\KEYMAESTRO\ONSCRE~1\OSD.EXE
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
    C:\Program Files\KeyMaestro\Multimedia Keyboard\MMUSBKB2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\Virus and Spyware stuff\hijackthis\HijackThis.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\KeyMaestro\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031705 serial=DR12WTX-9999998-YSP lang=EN
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
    O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
    O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
    O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109492289890
    O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks for your help,
    Max

  2. #2
    Registered User geoscomp's Avatar
    Join Date
    Apr 2002
    Location
    Minnesota
    Posts
    2,340
    There is nothing untoward or malware-like in your HijackThis log. Try an online scan such as Trend Micro's HouseCall, which will give you the option of deleting the files if they cannot be disinfected, or manually delete them from safe mode.
    Computer Rescue Service

    "those who do not remember history are condemned to repeat it."

  3. #3
    Registered User flackt's Avatar
    Join Date
    Jan 2001
    Location
    Shumway,IL,USA
    Posts
    66
    Go to this site and paste your log into the box.

    online hijack analysis
    "Really???
    What Fun Is A Computer That Works?!?"

    PLEASE! Do not mistake my laziness for lack of concern!

    Proud member of the Vast Right Wing Conspiracy

  4. #4
    Registered User
    Join Date
    Jan 2002
    Location
    San Diego CA USA
    Posts
    34
    Looks like you have the Yahoo Toolbar... Run Yahoo's Anti-Spy scanner. The latest version is v1.12.

    I was pleased when it found some stuff that my Ad-Aware, XoftSpy & HijackThis software did not find.
    How will all the racecar drivers measure themselves now that their "yardstick" is gone?

    We miss you Dale Earnhardt aka "The Intimidator" #3

  5. #5
    Registered User
    Join Date
    May 2002
    Posts
    11
    Thanks for your help.

    Max
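
The check below is an added example, not part of any post in this thread: it re-joins HijackThis entries that were wrapped across lines and lists the entries that name a file the online scanner flagged. The function names are made up for the example, and the sample lines are copied from the log in the first post.

```python
import re
from pathlib import PureWindowsPath

# Entry lines start with a section code such as "O4 - " or "O16 - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_entries(text):
    """Return (code, body) pairs, re-joining entries wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m["code"], m["body"]])
        elif entries:
            # Continuation of the previous entry (forum line wrap).
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def correlate(entries, flagged_paths):
    """Map each scanner-flagged file to the log entries naming its stem."""
    hits = {}
    for path in flagged_paths:
        stem = PureWindowsPath(path).stem.lower()
        hits[path] = [(c, b) for c, b in entries if stem in b.lower()]
    return hits

# Constructed sample: a few entries copied from the log in the first post,
# with forum-style line wrapping to exercise the re-join step.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) -

http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

http://a19.g.akamai.net/7/19/7125/40...3/cpbrkpie.cab
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""
FLAGGED = [r"C:\WINDOWS\cpbrkpie.ocx"]  # file path from the scanner report

if __name__ == "__main__":
    for path, found in correlate(parse_entries(SAMPLE_LOG), FLAGGED).items():
        for code, body in found:
            print(f"{path} -> {code}: {body}")
```

Matching is by file stem only, so a hit means the entry deserves a closer look, not that it is confirmed as the flagged component.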
