PPRuNe Forums - View Single Post - Another HijackThis log...and more
Old 10th Mar 2005, 07:14
Bern Oulli
Another HijackThis log...and more

Knowledgeable guys & gals. I have been asked to look at a friend's computer which has "started running rather slowly". 'Puter is an Intel 2.8 Mhz chip running Windows XP & SP2. 38Gb hard drive of which 24Gb are used. No partitions.
When it started taking so long to boot up (approx 1 hour!) he took to leaving it on and connected to the net all the time and has been for about 3 weeks. During that time, something disabled his anti-virus. The firewall is Win XP. I have:
Installed Adaware, CrapCleaner, Spybot, SpywareBlaster and AVG anti-virus.
What happened:
AVG tries to do a computer scan and locks up after scanning 9 objects in the registry.
Spybot refused to scan.
Adaware took all the previous night apparently and identified 90,450 objects!!! Is this a record? Was still quarantining them when I left last night.
CrapCleaner removed 1.5Gb of crap.
Ran HijackThis and the log sheet is in the next post (otherwise this post is "too long"). If one of you geniuses could cast an eye over this and tell me what needs removing, I shall have a go at stage 2. Thanks in advance.

Logfile of HijackThis v1.99.0
Scan saved at 20:22:26, on 09/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\specialoffers4.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\soupqt\vorouq.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bopfs\Pzzfapg.exe
C:\Program Files\1xl709n9\1xl709n9.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\PROGRA~1\soupqt\quorov.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
F:\ForIan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\mpz300.dll
O2 - BHO: (no name) - {03AA0371-5280-4801-8D1A-E6505CA3107B} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {03E630FC-D1AB-40A8-9364-3573DA0D2127} - C:\WINDOWS\lbbho.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {1677048F-F0EA-40D8-95B2-5D6A2463936E} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hiauygd.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: (no name) - {32E9E1B1-6EF9-4EFD-9897-55D428C19850} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {3C63C272-F2CB-44B0-9B79-9CEC4BBB8126} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {415BB6C1-5278-480C-A69C-81B9DFCFBE09} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {534B130C-6231-4B97-840A-4A95CED800AB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56E2394F-9891-4F2A-9012-279E53B2CCA6} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {636FE0EF-8FC1-44AE-9B56-8CFBAFCFC335} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {676A9CA2-C24D-4A74-814F-02F31668D9BA} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {6B18FC3C-8E0B-4723-97C9-AC84B2B2AF5F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8C3AB9C0-1A8C-4B9A-AE26-ECCF2AA4E9FB} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {8EF56E90-0CA0-474D-B19B-1050C7D2283D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: (no name) - {975245C9-E6CF-4D56-A240-4EE7F735FB1A} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {AB036FC0-DB98-4DF5-8249-9A992C1B165D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BC02E26E-7845-4913-AF07-2AC45F262D1E} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {C489AEB7-09ED-4E2C-9AFA-B40E22ADBE24} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CE4D5004-2FC3-4D4A-94B1-B4DE56B17F02} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D3107C32-2409-4427-A742-89FBC005D6C3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D53CA81D-0D5F-43BC-B6AB-5C1356DE987E} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D8A9BC96-9B76-4C0B-BAFE-A7EFF1909509} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D9576E3D-0817-4F93-89E5-DCE4FFA3FCCB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DE450EDD-75FB-4824-B93F-7CA65C4B5369} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E062922F-AC3D-4670-8B59-AD305324C55B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll (file missing)
O2 - BHO: SDWin32 Class - {FD899702-326F-4B46-9906-6BC5D4FADC0F} - C:\WINDOWS\system32\vyosj.dll
O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Program Files\Creative\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [ContextUninstall] C:\WINDOWS\STUninstall.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmg...C_1_0_0_37.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all04.1and1.co.uk/app/stat...vex/msxml4.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe