PPRuNe Forums - View Single Post - Another HijackThis log...and more
Old 11th Mar 2005, 06:49
Bern Oulli
 
Join Date: Nov 1999
Location: Wivenhoe, not too far from the Clacton VOR
Soft Top.
Many thanks for your time and the references. Been there and very useful they are. I agree that "C:\Program Files\1xl709n9\1xl709n9.dll" looks exceedingly sus - no-one has any idea what it is. So on that basis I have identified loads of stuff to go and highlighted the definites in red and the probables in a tasteful pink.
In answer to your final question, no, it would not be a disaster - my friend was going to do it anyway and my initial innocent thought was to save him the hassle! Give it to me instead. Doh!

The double slashes do NOT appear in the original log. Pprune seems to be doubling them every time I copy and paste (and forget to disable smilies).

Edited 'cos my initial plan didn't work

Well, that didn't work. Said the edited post was too long (true!). So, here we are with the highlights.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\specialoffers4.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\soupqt\vorouq.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bopfs\Pzzfapg.exe
C:\Program Files\1xl709n9\1xl709n9.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\PROGRA~1\soupqt\quorov.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
F:\ForIan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\mpz300.dll
O2 - BHO: (no name) - {03AA0371-5280-4801-8D1A-E6505CA3107B} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {03E630FC-D1AB-40A8-9364-3573DA0D2127} - C:\WINDOWS\lbbho.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {1677048F-F0EA-40D8-95B2-5D6A2463936E} - C:\Program Files\1xl709n9\1xl709n9.dll

O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hiauygd.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: (no name) - {32E9E1B1-6EF9-4EFD-9897-55D428C19850} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {3C63C272-F2CB-44B0-9B79-9CEC4BBB8126} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {415BB6C1-5278-480C-A69C-81B9DFCFBE09} - C:\Program Files\1xl709n9\1xl709n9.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {534B130C-6231-4B97-840A-4A95CED800AB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56E2394F-9891-4F2A-9012-279E53B2CCA6} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {636FE0EF-8FC1-44AE-9B56-8CFBAFCFC335} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {676A9CA2-C24D-4A74-814F-02F31668D9BA} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {6B18FC3C-8E0B-4723-97C9-AC84B2B2AF5F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8C3AB9C0-1A8C-4B9A-AE26-ECCF2AA4E9FB} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {8EF56E90-0CA0-474D-B19B-1050C7D2283D} - C:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: (no name) - {975245C9-E6CF-4D56-A240-4EE7F735FB1A} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {AB036FC0-DB98-4DF5-8249-9A992C1B165D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BC02E26E-7845-4913-AF07-2AC45F262D1E} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {C489AEB7-09ED-4E2C-9AFA-B40E22ADBE24} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CE4D5004-2FC3-4D4A-94B1-B4DE56B17F02} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D3107C32-2409-4427-A742-89FBC005D6C3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D53CA81D-0D5F-43BC-B6AB-5C1356DE987E} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D8A9BC96-9B76-4C0B-BAFE-A7EFF1909509} - C:\Program Files\1xl709n9\1xl709n9.dll
O2 - BHO: (no name) - {D9576E3D-0817-4F93-89E5-DCE4FFA3FCCB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DE450EDD-75FB-4824-B93F-7CA65C4B5369} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E062922F-AC3D-4670-8B59-AD305324C55B} - C:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll (file missing)
O2 - BHO: SDWin32 Class - {FD899702-326F-4B46-9906-6BC5D4FADC0F} - C:\WINDOWS\system32\vyosj.dll
O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Program Files\Creative\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [ContextUninstall] C:\WINDOWS\STUninstall.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O11 - Options group: [CommonName] CommonName
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmg...C_1_0_0_37.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all04.1and1.co.uk/app/stat...vex/msxml4.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

Last edited by Bern Oulli; 11th Mar 2005 at 07:19.
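The triage the post does by hand (the "definites" and "probables") can be scripted over the HijackThis format. This is an added example, not the poster's or HijackThis's own code; it parses a constructed excerpt modelled on the log above (CLSIDs and paths copied from it) and flags entries using the signals visible in that log: orphaned "(file missing)"/"(no file)" targets, the O10 and O18 hijack lines, one unnamed DLL registered under many CLSIDs, and, as an assumption rather than a rule, directory names with digits wedged between letters such as 1xl709n9.

```python
import re
from collections import Counter
# Constructed excerpt in HijackThis log format, modelled on the post's log
# (CLSIDs and paths are copied from it; the list is trimmed to nine lines).
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {03AA0371-5280-4801-8D1A-E6505CA3107B} - C:\\Program Files\\1xl709n9\\1xl709n9.dll
O2 - BHO: (no name) - {1677048F-F0EA-40D8-95B2-5D6A2463936E} - C:\\Program Files\\1xl709n9\\1xl709n9.dll
O2 - BHO: (no name) - {3C63C272-F2CB-44B0-9B79-9CEC4BBB8126} - C:\\Program Files\\CSBB\\CSBB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [winnet] C:\\PROGRA~1\\COMMON~2\\ADDRES~1\\Winnet.exe
O10 - Hijacked Internet access by New.Net
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
"""
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<rest>.*)$")
# Drive-letter path ending in .dll/.exe, stopping before " (file missing)".
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)(?=\s|$)", re.I)
# Assumption: a directory name with a digit directly followed by a letter and
# no dot or ~ (1xl709n9, but not System32) deserves a look; a hint, not proof.
RANDOM_RE = re.compile(r"^(?=.*\d[a-z])[a-z0-9]{6,}$", re.I)
SECTION_NOTES = {"O10": "Winsock LSP hijack (New.Net)", "O18": "protocol handler hijack"}

def triage(log_text):
    """Return flagged entries as dicts: section, line, reasons."""
    entries = [m for m in map(ENTRY_RE.match, log_text.splitlines()) if m]
    # Registrations per file: the post's log hooks 1xl709n9.dll under many CLSIDs.
    per_file = Counter()
    for m in entries:
        p = PATH_RE.search(m["rest"])
        if p:
            per_file[p.group(0).lower()] += 1
    flagged = []
    for m in entries:
        sec, rest, reasons = m["sec"], m["rest"], []
        if "(file missing)" in rest or "(no file)" in rest:
            reasons.append("orphaned entry: target file no longer exists")
        if sec in SECTION_NOTES:
            reasons.append(SECTION_NOTES[sec])
        p = PATH_RE.search(rest)
        if p:
            path, n = p.group(0), per_file[p.group(0).lower()]
            if n > 1 and "(no name)" in rest:
                reasons.append(f"unnamed BHO, same DLL registered {n} times")
            if any(RANDOM_RE.match(c) for c in path.split("\\")[1:-1]):
                reasons.append("random-looking directory name in path")
        if reasons:
            flagged.append({"section": sec, "line": m.group(0), "reasons": reasons})
    return flagged
```

Note that Spybot's own unnamed SDHelper.dll BHO and the AVG service come through unflagged, while the winnet entry does not trip any heuristic either: the output is a shortlist for a human to check against the references, not a verdict.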