1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

hjt help

Discussion in 'Malware and Virus Removal Archive' started by stitch, 2005/09/26.

  1. 2005/09/26
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Hi dont suppose anyone could have alook at this hjt log file could they, it looks real busy to me and im not seeing the wood for the trees as such lol.
    stich
    thanks everyone


    Logfile of HijackThis v1.99.1
    Scan saved at 21:00:13, on 26/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
    C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\windows\system32\dxvid.exe
    C:\WINDOWS\system32\v7iqj72s.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\winupdates\winupdates.exe
    C:\WINDOWS\system32\p2pnetworking.exe
    C:\Documents and Settings\David\Application Data\ceum.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE
    C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\David\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yvqsiujbxazmplfq.uk/yihu2P7d8IzcWkbC24voCCQms6nsy0_y8QGYRhBiJsH06BiSbcHhq_mJVumKsp9_.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.co.uk/msntoday/msntoday.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    O2 - BHO: (no name) - {274DCFDE-D9F6-ECDE-C624-CCB0F23F09AF} - C:\DOCUME~1\David\APPLIC~1\ELSETO~1\Second Grid.exe
    O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BC633806-F691-FD17-E465-FD7AE4B00DC4} - C:\WINDOWS\system32\btafa.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [czwtyr] C:\WINDOWS\czwtyr.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [glwjmgeb] c:\windows\system32\glwjmgeb.exe /install
    O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
    O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
    O4 - HKLM\..\Run: [v7iqj72s] C:\WINDOWS\system32\v7iqj72s.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
    O4 - HKLM\..\Run: [SEND THIS SKIP INFO] C:\Documents and Settings\All Users\Application Data\Jumptypesendthis\Pilefour.exe
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\David\LOCALS~1\Temp\AcsInstall.dll "
    O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\David\LOCALS~1\Temp\insmac2k.dll "
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1 "
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [Scbu] C:\Documents and Settings\David\Application Data\ceum.exe
    O4 - HKCU\..\Run: [Stc] C:\WINDOWS\system32\?serinit.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
    O4 - HKCU\..\Run: [Junkbrowse] C:\DOCUME~1\David\APPLIC~1\CORNIN~1\stupidgrey.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c32.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1567.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D58D9AD-A8C8-4CEE-A153-4B245186E48C}: NameServer = 195.92.195.95 195.92.195.94
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D58D9AD-A8C8-4CEE-A153-4B245186E48C}: NameServer = 195.92.195.95 195.92.195.94
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\guard.tmp (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
    stitch,
    #1
  2. 2005/09/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Hi Stitch - how are you keeping? Are those kids giving you any rest yet? :)

    It would help if you would post details of the problems this computer is experiencing.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2005/09/26
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Hi Pete
    kids are running me ragged as usual but still wouldnt be without them eh.

    The problem is everything is running slow, im just taking my friend through basic clean up to start with, and this was on my list of things to check, he seems to have alot running on start up as far as i can see, some of the items im not sure what they are, iv made a list so i can look them up, he is finding it dificult to stay on the net and msn keeps booting him, hes not running aol so that needs to go i think and he has no ipod, like i say just spring cleaning in autumn lol. just wanted to know if there was anything that could be cleaned away,thats all.
    .
    stich
    Thanks again
     
    stitch,
    #3
  5. 2005/09/26
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    I'm surprised this comp works at all...

    lots of baddies on that computer!
    run HJT again and check these & FIX:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yvqsiujbxazmplfq.uk/yihu...mJVumKsp9_.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.co.uk/
    O2 - BHO: (no name) - {274DCFDE-D9F6-ECDE-C624-CCB0F23F09AF} - C:\DOCUME~1\David\APPLIC~1\ELSETO~1\Second Grid.exe
    O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
    O2 - BHO: (no name) - {BC633806-F691-FD17-E465-FD7AE4B00DC4} - C:\WINDOWS\system32\btafa.dll (file missing)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (prob Creative registration reminder)
    O4 - HKLM\..\Run: [czwtyr] C:\WINDOWS\czwtyr.exe
    O4 - HKLM\..\Run: [glwjmgeb] c:\windows\system32\glwjmgeb.exe /install
    O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

    (Uninstall Bear Share, most versions of it have spyware)

    O4 - HKLM\..\Run: [v7iqj72s] C:\WINDOWS\system32\v7iqj72s.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
    O4 - HKLM\..\Run: [SEND THIS SKIP INFO] C:\Documents and Settings\All Users\Application Data\Jumptypesendthis\Pilefour.exe
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\David\LOCALS~1\Temp\AcsInstall.dll "
    O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\David\LOCALS~1\Temp\insmac2k.dll "
    O4 - HKCU\..\Run: [Scbu] C:\Documents and Settings\David\Application Data\ceum.exe
    O4 - HKCU\..\Run: [Stc] C:\WINDOWS\system32\?serinit.exe
    O4 - HKCU\..\Run: [Junkbrowse] C:\DOCUME~1\David\APPLIC~1\CORNIN~1\stupidgrey.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D.../bridge-c32.cab
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1567.exe
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\guard.tmp (file missing)
     
    TonyT,
    #4
  6. 2005/09/27
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Thanks Tony
    To be honest it doesnt suprise me that hes having problems, even with the basic disk cleanup it took over 2 hours to run lol he has never cleened of his cookies or anything, as for there been baddies in the log i presumed there was as soon as i saw it and i have never been able to figure them out yet thats why i asked you lot. Anyway will see to this lot then run another log and post it ok.
    Thanks for the advice
    Stitch
     
    stitch,
    #5
  7. 2005/09/27
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    note:
    start comp in Safe Mode w/out networking
    turn off system restore
    uninstall any wierd apps or unneeded apps via add-remove programs too
    delete all files & folders in
    C:\DOCUME~1\David\LOCAL Settings\Temp
    C:\DOCUME~1\David\LOCAL Settings\Temporary Internet files
    run hjt again and delete the stuff above
    now...restart comp in safe mode with networking
    update anti spyware & antivirus apps
    scan w/ those antispyware apps & antivirus
    reboot in normal mode
    run system for a few hrs & if OK, reenable system restore
     
    TonyT,
    #6
  8. 2005/09/27
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Right guys this is the new log, he never even had an anti virus up and running or fire wall lol. this log still looks busy but you tell me.
    Thanks again for your help
    stitch


    Logfile of HijackThis v1.99.1
    Scan saved at 17:49:45, on 27/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\SYMNET~1\SNDMon.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Documents and Settings\David\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dmiahfgferilpsg.info/yihu2P7d8IzcWkbC24voCCQms6nsy0_y8QGYRhBiJsHsIw7HCKbh3OmJVumKsp9_.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.co.uk/msntoday/msntoday.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D58D9AD-A8C8-4CEE-A153-4B245186E48C}: NameServer = 195.92.195.95 195.92.195.94
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D58D9AD-A8C8-4CEE-A153-4B245186E48C}: NameServer = 195.92.195.95 195.92.195.94
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    stitch,
    #7
  9. 2005/09/28
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    TonyT,
    #8
  10. 2005/09/28
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Thanks Tony
    I had already made a list of what was in his start up but because i wasnt sure what they were i left them alone, thanks of the links will check them out
    Stitch
     
    stitch,
    #9
  11. 2005/09/28
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Newt,
    #10
  12. 2005/09/29
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    agreed!
    I had instructed to get rid of it and failed to notice that he didn't get rid of it. It sure is a strange url, the domain itself is unresolvable so is presently safe.
     
    TonyT,
    #11

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...