HJT log needs checking...




  #1  
Old 15th Aug 2007, 13:19
Full Member
Posts: 24
 
Hi, evilFantasy how 'bout this one?

Logfile of HijackThis v1.99.1
Scan saved at 4:19:10 PM, on 8/15/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mstsc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Ida\AppData\Local\Temp\Temp2_hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Ida\AppData\Local\Temp\low\COUPON~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Ida\AppData\Local\Temp\low\CouponBarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Powerword 2003.lnk = C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

  #2  
Old 15th Aug 2007, 14:01
Moderator
Posts: 7,410
 
Please do not begin a new diagnosis in an existing thread. You can start a new thread for a different HJT log. We have not gotten the last one fixed as far as I know.

Is this from a machine running Vista? If not, what OS is it?
  #3  
Old 15th Aug 2007, 14:02
Moderator
Posts: 7,410
 
Also:
HijackThis should be run from a permanent place on your hard drive. Please do this first: Go to C: and create a new permanent folder (call it hijackthis). Then put (or download - choose "save" not "run") the hijackthis.exe file in it (You must unzip it if it's zipped). You should now have C:\hijackthis\hijackthis.exe. Then run hijackthis by clicking this .exe file. By doing this, you will have backups if you accidentally remove the wrong item (running from a temporary folder these backups can easily get lost).
  #4  
Old 15th Aug 2007, 14:14
Administrator
Posts: 10,191
 
What is the problem? You asked them to run hijackthis and that is what they have done.

  #5  
Old 15th Aug 2007, 14:16
Moderator
Posts: 7,410
 
It is a different machine. It will be easier if they were in their own threads.
  #6  
Old 15th Aug 2007, 14:19
Administrator
Posts: 10,191
 
*** Moved to its own thread ***
  #7  
Old 15th Aug 2007, 14:21
Moderator
Posts: 7,410
 
Thanks Dave, it would be too easy to suggest the wrong procedure on the wrong machine the other way.

Working on new log now......
  #8  
Old 15th Aug 2007, 14:43
Moderator
Posts: 7,410
 
Why do you not have any antivirus? Download Avast! Home Free here. Run scans as soon as possible.

Go into add/remove programs and see if anything you know shouldn't be there has been installed that you can un-install. Like Toolbars.

Entries to remove in HJT.
Start HJT and select "Do a system scan only".
Check mark these entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Ida\AppData\Local\Temp\low\COUPON~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Ida\AppData\Local\Temp\low\CouponBarIE.dll
Remember to close all windows before clicking "Fix checked".

Then run CCleaner. Use the default options.
If you do not have CCleaner, please install it here.
Once CCleaner is open use the default options and click Analyze and it will show a log of what will be removed. Next click Run Cleaner to remove everything.
Next on the upper left of CCleaner select the Issues tab.
Next click Scan For Issues. Next click Fix selected issues.
It will prompt you to make a backup. For the first run I would suggest doing so.

If you don't have Spybot Search & Destroy, please download/install it here.
Check for updates now and get any updates.
Look for the Immunize feature in Spybot and use it.
Do not use the Teatimer function.
Run Spybot and let it fix what it finds.
If it finds anything it cannot fix, let us know.

Then please post a fresh HJT log.
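
Added example, not part of the post above and not HijackThis's own logic: a small triage script that parses O2/O3 lines from a HijackThis log and flags browser add-ons that load from a Temp directory or have no file behind them, plus a HijackThis process running from Temp (the concern raised in post #3). The Temp-path and "(no file)" heuristics are assumptions drawn from the O2/O3 entries selected for removal above; the sample lines are copied from the log in post #1.

```python
import re

# Sample lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
C:\Users\Ida\AppData\Local\Temp\Temp2_hijackthis[1].zip\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Ida\AppData\Local\Temp\low\COUPON~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Ida\AppData\Local\Temp\low\CouponBarIE.dll
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

# O2 = Browser Helper Object, O3 = IE toolbar: "<code> - <kind>: <name> - {CLSID} - <file>"
ENTRY = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Assumed heuristic: any path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            target = m["target"]
            if target == "(no file)":
                # Registry entry survives but the DLL is gone.
                findings.append((m[1], m["clsid"], "orphaned: no file on disk"))
            elif TEMP_DIR.search(target):
                # Legitimate add-ons normally install under Program Files.
                findings.append((m[1], m["clsid"], "loads from a Temp directory"))
        elif line.lower().endswith("hijackthis.exe") and TEMP_DIR.search(line):
            # Running from Temp means the fix backups can easily be lost.
            findings.append(("proc", line, "HijackThis run from a Temp directory"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section:5} {reason:38} {ident}")
```

The script only narrows down what to review; it does not cover the empty R0 values also listed above, and a flagged entry still needs a person to confirm it before anything is fixed.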
  #9  
Old 15th Aug 2007, 14:53
Full Member
Posts: 24
 
Hi again,
well we do have Norton, but somehow it's not quite OK? I'm replacing the IT guy here. He's pi$$ed somehow with the upper management. The OS is XP, and 1 is Vista. Somehow, the network got screwed, then the printers....my goodness, it would be all day tomorrow. Thx guys for helping me out.
  #10  
Old 15th Aug 2007, 15:00
Moderator
Posts: 7,410
 
You may want to tell management he has your network at a critical state in not having it secure!!!!

Let us know if further advice is needed.