ComputerForum.com ComputerForum.com  

Go Back   Computer Forum > Computer Software > Computer Security
Hijackthis log Hijackthis log
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Reply
Page 1 of 3 1 23
 
LinkBack Thread Tools Search this Thread Display Modes
Old 07-10-2005, 05:16 PM   #1 (permalink)
New Member
 
Join Date: Jul 2005
Posts: 10
Default Hijackthis log
Hi, I'm new here and looking for some help with this Hijackthis log because I have the lop toolbar....Hope I've done everything OK.......




Logfile of HijackThis v1.99.1
Scan saved at 16:13:37, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\PCD32\client32.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\system32\hpoinw07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\Bin\hpoojd07.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Rices\My Documents\HJT 2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/s...en/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/s...en/default.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Face Junk Road Platform] C:\Documents and Settings\All Users\Application Data\second grey face junk\thunkfind.exe
O4 - HKLM\..\Run: [rmnuwra] c:\windows\system32\mtmmobb.exe r
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c10.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/u...sldbaccess.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?...lobaljunkblend
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dbn283.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PCD32\client32.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: FW User to IP Address Translation (UmxUTA) - Unknown owner - C:\Program Files\Tiny Firewall Pro\umxuta.exe (file missing)



Any help would be very very much appreciated


Nick
thenacky is offline   Reply With Quote


Old 07-10-2005, 07:12 PM   #2 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default
I can see Lop in your log, but not Messenger Plus 3. Did you uninstall it? If so, reinstall Messenger Plus, make sure you accept the sponsor software. Then either uninstall the sponsor software (C2media) or if you don't use Messenger Plus, uninstall it making sure to take the sponsor software with it. Post a new log to make sure.
Buzz1927 is offline   Reply With Quote
Old 07-10-2005, 07:45 PM   #3 (permalink)
New Member
 
Join Date: Jul 2005
Posts: 10
Default
I did uninstall messenger plus...ill do what you said and post a new log
thenacky is offline   Reply With Quote
Old 07-10-2005, 07:56 PM   #4 (permalink)
New Member
 
Join Date: Jul 2005
Posts: 10
Default
Something weird just happened, I installed it and then went to uninstall it and it dissapeared from the add/remove programmes list (but it's still here )

?
thenacky is offline   Reply With Quote
Old 07-10-2005, 08:07 PM   #5 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default
That is weird. Ok, do it like this.
Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections (complete).
Then click "Generate StartupList log"
Click "Yes" to the box that pops-up.
Then copy and paste the notepad text that appears in your reply, along with a new Hijackthis log.
Buzz1927 is offline   Reply With Quote


Old 07-10-2005, 08:13 PM   #6 (permalink)
New Member
 
Join Date: Jul 2005
Posts: 10
Default
the start up list log is 39 000 characters and it says its too big to post.....
thenacky is offline   Reply With Quote
Old 07-10-2005, 08:16 PM   #7 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default
My mistake, scroll down to the section titled "Enumerating Task Scheduler jobs:" and post what's in there.
Buzz1927 is offline   Reply With Quote
Old 07-10-2005, 08:18 PM   #8 (permalink)
New Member
 
Join Date: Jul 2005
Posts: 10
Default
just this...

Enumerating Task Scheduler jobs:

A48791BC91E403EC.job
{FFCD6F3C-8BEE-4D8A-9379-9AC6AD72D9BD}_GX270_Rices.job


is that right?
thenacky is offline   Reply With Quote
Old 07-10-2005, 08:26 PM   #9 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default
Yes, that's what I wanted. Give me a few minutes to write the fix and I'll be back with you.
Buzz1927 is offline   Reply With Quote
Old 07-10-2005, 08:29 PM   #10 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default
Can you post a new Hijackthis log please, in case the entries have changed after installing Messenger Plus.
Buzz1927 is offline   Reply With Quote
Reply
Page 1 of 3 1 23

Bookmarks

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT +1. The time now is 11:06 PM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0 ©2009, Crawlability, Inc.
Copyright © 2002-2009 Computer Forum - Internet Business - Web Design Forum