rygon Posted August 24, 2004
Cheers sigma. I got that btto thing the other day... I deleted the file but didn't know I had to delete a registry entry as well.
Steve (Author) Posted August 24, 2004
Yeah, that's why Hijack This! is so good mate. Just by checking the boxes and hitting Fix Checked, it will sort it all for you pretty much.
Guest Deeswift Posted August 24, 2004
> yeah i have registry mechanic. you recommend something different?
RegSupreme, JV16 PowerTools, RegSeeker, RegVac.
Guest Deeswift Posted August 24, 2004
My tiny log!

Logfile of HijackThis v1.97.7
Scan saved at 17:47:05, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
E:\Program files\Mozilla Firefox\firefox.exe
E:\Program files\Hijack This!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://192.168.1.2/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093065838125

WTF is "O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx"?
Steve (Author) Posted August 24, 2004
That log is RIDDLED with spyware Dee! Delete all of it... Actually man, that's how a log SHOULD look (as you know).

msdxm.ocx is an ActiveX control used by Windows Media Player. I don't know exactly what it's for but I do know it should be left alone. I think it's to do with integrating WMP into IE and other browsers in some way but I'm not sure.
Chee Posted August 24, 2004
Ok, do me next (aye yo!) :50_50:

Logfile of HijackThis v1.97.7
Scan saved at 21:08:26, on 24/08/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\SonicStage\Omgjbox.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\JTCD\Applications\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtramsn.co.nz/home/
O1 - Hosts: 38.115.131.131 sk2.slsk.org
O1 - Hosts: 38.115.131.131 www.slsk.org
O1 - Hosts: 38.115.131.131 mail.slsk.org
O1 - Hosts: 38.115.131.131 server.slsk.org
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1092858340593
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c1...all/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...8072.0368634259
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{735ED00C-BC0A-4C6C-95C9-CAC94C833E0E}: NameServer = 62.241.160.200 158.43.240.3
Steve (Author) Posted August 24, 2004
What's this btw?...

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://192.168.1.2/

I've never seen a line like that in a log before!

EDIT - This is directed at Dee!
Steve (Author) Posted August 24, 2004
OK Chee, your log is clean of spyware but there are a couple of things I think you could/should do...

These entries in your hosts file...

O1 - Hosts: 38.115.131.131 sk2.slsk.org
O1 - Hosts: 38.115.131.131 www.slsk.org
O1 - Hosts: 38.115.131.131 mail.slsk.org
O1 - Hosts: 38.115.131.131 server.slsk.org

Any idea what they are for? They refer to the old Soulseek site, which is now a very dodgy site that almost certainly attempts to install something nasty. The IP address 38.115.131.131 cannot be resolved using a reverse DNS lookup. Very odd. These entries alone are unlikely to cause you any problems though - I just thought it was odd they were there, unless you've put them there to block that particular site in some way?

You have MSN Messenger set to start when your PC boots. I assume you want it to do that, but if not, turn it off in the options menu.

Do you still have Get Right on your machine? I see you have the Net Transport download manager installed. If Get Right has been uninstalled then have Hijack This! fix these entries...

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

If you still have Get Right and use it, then leave those entries alone.

You don't need these entries so fix these...

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Nero still works without NeroCheck running at bootup and the Quicktime updater is just a resource hog.

One last thing - your version of Java is out of date. You have version j2re1.4.2_04 installed, but j2re1.4.2_05 is available on the Java.com website. I have no idea why the updater doesn't pick this up. The new version of Java fixes a security vulnerability so it's definitely worth installing.

Remember to close all browser windows before clicking Fix Checked if you decide to do any of the above with Hijack This!
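The reply above reads a HijackThis log by section code: O1 hosts-file entries, O4 auto-run entries, leftovers whose file is gone, and the JRE build visible in the process list. As an added example (not HijackThis's own code and not from this thread), the Python below parses those entry lines and extracts exactly those four things; the sample log is constructed from entries quoted in the thread rather than being a real machine's full log.

```python
"""Parse HijackThis v1.9x log entries and pull out what the reply above checks:
O1 hosts-file redirects, O4 auto-run commands, entries whose file is gone,
and the Sun JRE build seen in the process list. Added example, not HijackThis code."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str  # "R0", "O1", "O4", ...
    body: str     # text after "Oxx - "
    raw: str      # the original line

# One entry per line: section code, " - ", body.
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
# O4 bodies of the form  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"\[([^\]]+)\]\s*(.*)$")
# Sun JRE install paths look like ...\Java\j2re1.4.2_04\bin\...
JAVA_RE = re.compile(r"j2re(\d+(?:\.\d+)*)_(\d+)", re.IGNORECASE)

# Constructed sample built from entries quoted in the thread (not a full real log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 21:08:26, on 24/08/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O1 - Hosts: 38.115.131.131 sk2.slsk.org
O1 - Hosts: 38.115.131.131 www.slsk.org
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""


def parse_entries(log: str) -> List[Entry]:
    """Return the Rx/Ox entries; header and 'Running processes' lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def hosts_redirects(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group O1 hosts-file entries by target IP: {ip: [hostname, ...]}."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.section == "O1" and e.body.startswith("Hosts:"):
            parts = e.body[len("Hosts:"):].split()
            if len(parts) >= 2:
                out.setdefault(parts[0], []).append(parts[1])
    return out


def run_entries(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, command) for every O4 entry of the [Name] command form."""
    out = []
    for e in entries:
        if e.section == "O4":
            m = RUN_RE.search(e.body)
            if m:
                out.append((m.group(1), m.group(2)))
    return out


def missing_file_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file no longer exists: leftovers that are safe to fix."""
    return [e for e in entries
            if e.body.endswith("(no file)") or "(file missing)" in e.body]


def java_version(log: str) -> Optional[Tuple[str, int]]:
    """Installed Sun JRE as ("1.4.2", 4), read from the j2re path in the log."""
    m = JAVA_RE.search(log)
    return (m.group(1), int(m.group(2))) if m else None


def java_outdated(installed: Optional[Tuple[str, int]],
                  available: Tuple[str, int]) -> bool:
    """True when 'available' is a newer (version, update) pair than 'installed'."""
    if installed is None:
        return False

    def key(v: Tuple[str, int]) -> Tuple[int, ...]:
        return tuple(int(p) for p in v[0].split(".")) + (v[1],)

    return key(installed) < key(available)
```

Run it on a saved log with `parse_entries(open("hijackthis.log").read())`; the O1 grouping by IP makes a batch of hosts entries pointing at one address, like the four slsk.org lines above, stand out immediately.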
Chee Posted August 24, 2004
Wicked. Cheers mate!
Guest Deeswift Posted August 24, 2004
> What's this btw?...
> R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://192.168.1.2/
> I've never seen a line like that in a log before! EDIT - This is directed at Dee!
That's my modem, it's an ADSL modem (USB), and it connects to that IP.
Guest Deeswift Posted August 24, 2004
Here is the logfile again. Dunno why it was running before, I think I'd just connected to the net at the time and the login page was open in IE.

Logfile of HijackThis v1.97.7
Scan saved at 21:54:55, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Sygate\SPF\smc.exe
E:\Program files\Hijack This!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://192.168.1.2/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093065838125
iexist Posted November 1, 2004
yo... (whoever can help with this) my PC is acting fluky again.. I just ran HijackThis. I don't know how to read this stuff though.. this is a log right after a reboot... thanks in advance..

Logfile of HijackThis v1.98.2
Scan saved at 11:11:20 AM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
Steve (Author) Posted November 1, 2004
Do you have PowerDVD installed on your machine mate?
iexist Posted November 2, 2004
yeah sig
Steve (Author) Posted November 4, 2004
There's nothing there related to spyware mate. What are the symptoms you're getting?
iexist Posted November 4, 2004
I think it's my real time scanner... F-Prot... I disabled it and now everything is fine. I think I'm currently in the process of forming my future PC, in hopes of getting it in a month.
Steve (Author) Posted November 13, 2004
How come you don't have SP2 anymore Dee? Was that version of Windows with the slipstreamed SP2 no good? I installed it on a mate's computer and so far so good, but I haven't tried it myself yet.
Phology Posted November 13, 2004 (edited)
have a look doc! :49_49:

Logfile of HijackThis v1.98.2
Scan saved at 20:24:19, on 13/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\avicap32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=9705
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = GILESDESKTOP:8080
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bae5c3e65007] C:\WINDOWS\System32\avicap32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...6/OCI/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

is it serious? :s

Edited November 13, 2004 by Dj Phology
Steve (Author) Posted November 13, 2004
Christ, that's a big one. There's definitely some stuff in there that has to go. Gimme a few minutes and I'll post what to do.
Phology Posted November 13, 2004
:thumbs_up:
Steve (Author) Posted November 13, 2004
Actually mate - download Ad-aware, install it, update it and scan your machine. Remove everything it finds (it will find stuff!) then reboot. As soon as your PC has booted, run HijackThis again and get a new log. Don't start any other programs up or they also appear in the log. Then post the log here.

.:. AD-AWARE (Left click) .:.
Guest Deeswift Posted November 13, 2004
> How come you don't have SP2 anymore Dee? Was that version of Windows with the slipstreamed SP2 no good? I installed it on a mate's computer and so far so good, but I haven't tried it myself yet.
Huh? I think you must have gotten the wrong end of the stick mate, I have XP Pro SP2 on here and it's working great.
Steve (Author) Posted November 13, 2004
Yeah it's my mistake. I saw this in your log:

Platform: Windows XP SP1 (WinNT 5.01.2600)

But I didn't notice the date was back in August. I thought it was the more recent log you'd posted.
Phology Posted November 13, 2004
Hmm, doesn't wanna download..
Steve (Author) Posted November 13, 2004
Try here: http://www.lavasoftusa.com/support/download/

There are several links about half way down the page.