| Thread ID: 87437 | 2008-02-21 05:15:00 | HijackThis Log - you got a minute Speedy? | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 642374 | 2008-02-21 05:15:00 | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:06 p.m., on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Owner\Desktop\New Folder\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://xtra.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ie.redirect.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = as.starware.com hdjr6KOv8w5wNNTa7WF9xwydnUXsL6eesmPT3PyAGeleZbyKJ8 nsNHRjudUj1QP32nPj88AdEsy7k/st7kv9gzWhHsJE/RkXku4r8CW9DbWMGFSPs0i1qXtn8a8YRFTWieK5LWjg6Z5im48 a+5+A80M467/0abfyxR8ljsFA4p6xSP59sAl82N8CMQyB3Q7Jos=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FF3255F-5099-4750-940B-E35F30F9021A} - C:\WINDOWS\system32\ciodmj.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA38D312-AC78-440F-83C4-BA12F102762B} - c:\windows\system32\bthcic.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?2503b056d7a74a0b801c7b3e5f4a60a4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?2503b056d7a74a0b801c7b3e5f4a60a4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://xtra.co.nz
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: eumokpzl - C:\WINDOWS\SYSTEM32\bthcic.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-- End of file - 8788 bytes |
nofam (9009) | ||
| 642375 | 2008-02-21 06:27:00 | Put HJT in its own folder first, then run it.
Tick these then tick fix checked
Close browser/s
This looks like it belongs to moviepass which is adware
c:\Program Files\License_Manager\license_manager.exe <-- Then delete its folder, after you reboot
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = as.starware.com
O2 - BHO: (no name) - {1FF3255F-5099-4750-940B-E35F30F9021A} - C:\WINDOWS\system32\ciodmj.dll <-- delete this file after
Looks like you've got this (www.symantec.com)
Look for Starware 3.3.3.0. in add/remove programs, uninstall it.
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA38D312-AC78-440F-83C4-BA12F102762B} - c:\windows\system32\bthcic.dll <- delete this file after
O3 - Toolbar: Starware Jokes Toolbar - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
You've also got this (www.symantec.com)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe <-- delete this file after
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe <-- delete this file after
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: eumokpzl - C:\WINDOWS\SYSTEM32\bthcic.dll <--- delete this file after
Get trojan remover in my sig, install it and update it.
Click on scan.
Then select all options under utilities menu
Then uninstall ALL versions of Sun Java. Latest version is in my sig. |
Speedy Gonzales (78) | ||
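A triage pass over the kind of entries ticked in the reply above, as an added example that is not part of the original thread and not HijackThis's own logic. The sample entries are copied from the posted log, and the three review heuristics (unnamed BHO, entry pointing at a missing file, one file loaded from more than one autostart location) are assumptions chosen for illustration; they mark entries for a manual look and do not prove anything is malicious.

```python
import re
from collections import defaultdict

# Constructed sample: eight entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA38D312-AC78-440F-83C4-BA12F102762B} - c:\windows\system32\bthcic.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe
O4 - HKCU\..\Run: [vx5hegzs8k7] C:\WINDOWS\system32\vx5hegzs8k7.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: eumokpzl - C:\WINDOWS\SYSTEM32\bthcic.dll
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d+) - (.+)$")      # "<section> - <detail>"
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # first exe/dll path

def parse(log):
    """Return (section, detail, lowercased file path or None) for each entry."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            out.append((m.group(1), m.group(2), p.group(0).lower() if p else None))
    return out

def triage(log):
    """Map file path -> sorted reasons the entry deserves a manual look."""
    where, reasons = defaultdict(set), defaultdict(set)
    for sec, detail, path in parse(log):
        if path is None:
            continue
        # For O4, tell the HKLM, HKCU and Startup-folder locations apart.
        where[path].add(sec + ":" + detail.split(":")[0] if sec == "O4" else sec)
        if sec == "O2" and detail.startswith("BHO: (no name)"):
            reasons[path].add("unnamed BHO")
        if detail.endswith("(file missing)"):
            reasons[path].add("registry entry points at a missing file")
    for path, places in where.items():
        if len(places) > 1:  # same file hooked in through several mechanisms
            reasons[path].add("loaded from " + ", ".join(sorted(places)))
    return {p: sorted(r) for p, r in reasons.items()}

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Paths are compared case-insensitively because the log spells the same file as `c:\windows\system32\bthcic.dll` in O2 and `C:\WINDOWS\SYSTEM32\bthcic.dll` in O20.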
| 642376 | 2008-02-21 07:37:00 | All done Speedy - ran Spyware Doctor while I was waiting for your reply, and it removed most of the entries you mentioned..... Have run trojan remover as you suggested too, but there's still no TCP/IP settings showing. What do you suggest next? |
nofam (9009) | ||
| 642377 | 2008-02-21 07:45:00 | Did you get the file PCtek posted? (www.snapfiles.com) And did u select all options under utilities in trojan remover? What's it on under the LAN properties / TCP/IP entry?? Is it on obtain an ip or use the following ip? Whatever it's on, what are the ips etc that are here? |
Speedy Gonzales (78) | ||
| 642378 | 2008-02-21 07:53:00 | Ran all options on TR utility menu. Yes, got the Winsockfix too thanks. Ran it after TR, rebooted again, but still nothing. Had the following TCP/IP set up when I first booted it this evening: 10.1.1.2 255.0.0.0 10.1.1.1 202.180.64.10 202.180.64.11 That wasn't working (I'm on a different ISP to them I think) so I set to DHCP - still nothing. That's when I noticed that the connection status window is completely blank. Usually if the IP is invalid, you at least get 0.0.0.0 or something. |
nofam (9009) | ||
| 642379 | 2008-02-21 07:57:00 | Do you go through Callplus?? The bottom ips belong to Callplus. If not, who are you with now? |
Speedy Gonzales (78) | ||
| 642380 | 2008-02-21 08:05:00 | It's not my PC - I'm (trying!) to fix it for a friend. I'm with IHUG myself. I didn't think those DNS servers looked familiar! :) |
nofam (9009) | ||
| 642381 | 2008-02-21 08:13:00 | Try LSPfix then - direct link (www.cexx.org) If it finds anything wrong, let it fix it then reboot. See if it makes any diff. If that doesn't work, reset/unplug the ethernet cable for a min, plug it back in the modem/router whatever your mate has. Did you put that 10.1.1.2 in manually or is it on auto?? Is that a valid ip?? For this modem/router? |
Speedy Gonzales (78) | ||
| 642382 | 2008-02-21 08:18:00 | If you have the computer at your place nofam, are you trying to connect with their router or your own? If you are with ihug and they are with Call Plus you won't be able to connect with their login as your line is configured to only work with ihug accounts. |
Safari (3993) | ||
| 642383 | 2008-02-21 08:19:00 | Ok - progress.... On a hunch, I replaced the existing tcpip.sys with one from another xp home machine I have here, did a reboot and voila, it's now getting an IP. :) It's still running like a pig tho - now I can update Spyware Doctor and TR, I'll see if there's anything else lurking around. I wonder if it's because it's only got 192Mb RAM :yuck: Thanks for your help Speedy!! :thumbs: |
nofam (9009) | ||