#1 (permalink)
New Member
Join Date: Jul 2005
Posts: 10
Hi, I'm new here and looking for some help with this Hijackthis log because I have the lop toolbar....Hope I've done everything OK.......
Logfile of HijackThis v1.99.1
Scan saved at 16:13:37, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\PCD32\client32.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\system32\hpoinw07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\Bin\hpoojd07.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Rices\My Documents\HJT 2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/s...en/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/s...en/default.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Face Junk Road Platform] C:\Documents and Settings\All Users\Application Data\second grey face junk\thunkfind.exe
O4 - HKLM\..\Run: [rmnuwra] c:\windows\system32\mtmmobb.exe r
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c10.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/u...sldbaccess.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?...lobaljunkblend
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dbn283.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PCD32\client32.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: FW User to IP Address Translation (UmxUTA) - Unknown owner - C:\Program Files\Tiny Firewall Pro\umxuta.exe (file missing)

Any help would be very very much appreciated

Nick
#2 (permalink)
Digaredd
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
I can see Lop in your log, but not Messenger Plus 3. Did you uninstall it? If so, reinstall Messenger Plus, make sure you accept the sponsor software. Then either uninstall the sponsor software (C2media) or if you don't use Messenger Plus, uninstall it making sure to take the sponsor software with it. Post a new log to make sure.
#5 (permalink)
Digaredd
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
That is weird. Ok, do it like this.
Open Hijackthis, click "Open the Misc Tools section". Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections" (complete). Then click "Generate StartupList log". Click "Yes" to the box that pops up. Then copy and paste the notepad text that appears in your reply, along with a new Hijackthis log.