HijackThis log

  1. #1
    scott is offline Junior Member

    HijackThis log

    I keep on running Spybot but I am unable to get rid of Elite Toolbar and its associated registry entries. I can remove the toolbar from Add/Remove Programs but it's still in the registry and elsewhere on the PC, and I just can't get rid of it. Each time Spybot says it may still be in memory so restart the PC and try again, but the same message appears. As you can probably see from my log I have a pop-up blocker running but it doesn't seem to work!!

    This is my HijackThis log:
    Logfile of HijackThis v1.98.2
    Scan saved at 23:58:48, on 28/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\NEW\WINDOWS\System32\smss.exe
    C:\NEW\WINDOWS\system32\winlogon.exe
    C:\NEW\WINDOWS\system32\services.exe
    C:\NEW\WINDOWS\system32\lsass.exe
    C:\NEW\WINDOWS\system32\svchost.exe
    C:\NEW\WINDOWS\System32\svchost.exe
    C:\NEW\WINDOWS\system32\spoolsv.exe
    C:\NEW\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\NEW\WINDOWS\System32\wuauclt.exe
    C:\NEW\WINDOWS\System32\Winregs32.exe
    C:\NEW\WINDOWS\System32\nisvse.exe
    C:\NEW\WINDOWS\FVProtect.exe
    C:\NEW\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S 10IC2.EXE
    C:\NEW\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Tweak-XP Pro\AdBlocker.exe
    C:\Program Files\Tweak-XP Pro\popup.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\NEW\WINDOWS\System32\wmplayer612.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\NEW\WINDOWS\system32\notepad.exe
    C:\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\NEW\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
    O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKLM\..\Run: [Windows Compliant] nisvse.exe
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\NEW\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\NEW\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S 10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
    O4 - HKLM\..\Run: [NavRegReminder] "C:\NEW\WINDOWS\temp\NavBrowser.exe" /r /i "C:\NEW\WINDOWS\temp\NavLoad.ini"
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\RunServices: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] nisvse.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\NEW\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows Compliant] nisvse.exe
    O4 - HKCU\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
    O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro\AdBlocker.exe"
    O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro\popup.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098905488426

  2. #2
    owen is offline D-A-L Team Member (UK)
    Download the Netsky Worm Removal Tool from here.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R3 - Default URLSearchHook is missing
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\NEW\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
    O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKLM\..\Run: [Windows Compliant] nisvse.exe
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\NEW\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [NavRegReminder] "C:\NEW\WINDOWS\temp\NavBrowser.exe" /r /i "C:\NEW\WINDOWS\temp\NavLoad.ini"
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
    O4 - HKLM\..\RunServices: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] nisvse.exe
    O4 - HKCU\..\Run: [Windows Compliant] nisvse.exe
    O4 - HKCU\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Run the Netsky Removal Tool you downloaded earlier and let it search your system and remove your infection.

    Delete the following files:
    C:\NEW\WINDOWS\System32\Winregs32.exe
    C:\NEW\WINDOWS\System32\nisvse.exe
    C:\NEW\WINDOWS\System32\wmplayer612.exe
    C:\NEW\WINDOWS\EliteToolBar

    Reboot and post a fresh log
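
An added triage example, not part of the thread and not the method either poster describes: it parses the `O4` autostart lines of a HijackThis log and flags entries by three rules that are assumptions of this example (bare filename with no path, the same value name under more than one autostart key, executable in a temp directory). The sample lines are a constructed subset copied from the log in post #1.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 (autostart) lines from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\NEW\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [NavRegReminder] "C:\NEW\WINDOWS\temp\NavBrowser.exe" /r /i "C:\NEW\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\RunServices: [Windows Compliant] nisvse.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\NEW\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Compliant] nisvse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro\AdBlocker.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

# Matches registry autostart lines only; Startup-folder shortcuts are skipped.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def executable(cmd):
    """Return the program part of a command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Map autostart value name -> reasons it deserves a closer look."""
    seen = defaultdict(list)  # value name -> [(registry key, executable), ...]
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            seen[m["name"]].append((m["key"], executable(m["cmd"])))
    findings = {}
    for name, regs in seen.items():
        exes = {exe for _, exe in regs}
        keys = {key for key, _ in regs}
        reasons = []
        if any("\\" not in exe for exe in exes):
            reasons.append("bare filename with no path")
        if len(keys) > 1:
            reasons.append("registered under %d autostart keys" % len(keys))
        if any("\\temp\\" in exe.lower() for exe in exes):
            reasons.append("runs from a temp directory")
        if reasons:
            findings[name] = reasons
    return findings
```

Of the entries ticked in post #2, `Norton Antivirus AV` (FVProtect.exe) trips none of these three rules, so heuristics like these narrow a log down for review but do not replace it.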

  3. #3
    scott is offline Junior Member
    Thanks, I will get on to that.

  4. #4
    owen is offline D-A-L Team Member (UK)
    Post back when done...
