
Outlook



#1
Greenster

Greenster

    New Member

  • Member
  • Pip
  • 7 posts
:tazz: Logfile of HijackThis v1.99.1
Scan saved at 01:08:14, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\ntl\broadband medic\bin\mad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/Default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124502041605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124502128840
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED22C890-8B7F-48EE-BA18-B12D0C41DF4C}: NameServer = 194.168.4.100 194.168.8.100
  • 0



#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Can you get the input page?

Edited by Keith, 08 September 2005 - 08:22 PM.

  • 0

#3
Greenster

Greenster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
:tazz:
  • 0

#4
Greenster

Greenster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
:tazz:
  • 0

#5
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Howdy:

Rather than just sitting there whistling, have you checked what Keith asked for??

Murray
  • 0

#6
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Sorry Murray

I asked for pics and got account names so I put the whistles in

:tazz: :) :) :) :ph34r:

Thanks for looking out for me
  • 0

#7
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Keith:

I was seeing the Outlook account setup window.. Was that the one you wanted in there??

Murray
  • 0

#8
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Hello Murray,

That was OK, as it was mine. When I asked them to send theirs, it arrived with real name and e-mail address etc., so I removed them and explained to her why in chat.

Thanks again for picking up on it.

Keith
  • 0

#9
Greenster

Greenster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Keith, sorry I had to go last night, felt bad about it when you had been so helpful. Are you about at the moment?
  • 0

#10
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Hello Greenster,

Probably wise to wait for the malware team to look through the Hijack This log, as malware would prevent any changes being made.

Keith
  • 0

#11
Greenster

Greenster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks Keith, I have tried restoring system to a date when it was working, still not having any luck. My ISP doesn't seem to care. Just trying a restore/repair again.

Thanks for your assistance
Greenster
  • 0

#12
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Have the malware team said anything?
  • 0

#13
Greenster

Greenster

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Keith, thanks for reply. I don't think the malware team have come back to me. Would they reply on here?

Is live chat down at the moment?

Regards
Greenster
  • 0

#14
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
You will get the reply to your malware post

Live Chat is running now
  • 0





