
*Help Please*


2 replies to this topic

#1 Newhook


Posted 07 September 2005 - 11:26 AM

Sorry for the 2 posts earlier using a lower version of HijackThis. Here is the new log. Thanks for any help you can provide.

Logfile of HijackThis v1.99.1
Scan saved at 1:51:32 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ShipConstructor2005\ARLLicenseServer.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\d3qs32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mfcde32.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ffqqp.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ffqqp.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ffqqp.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {073966FB-50D8-55DE-2E21-4EF25367618D} - C:\WINDOWS\iegk.dll
O2 - BHO: Class - {1C678C96-122A-87F8-5AFD-0FCEB8F0D790} - C:\WINDOWS\system32\netqz.dll
O2 - BHO: Class - {212369CB-F3F6-8742-D3D1-58CD02D51232} - C:\WINDOWS\crnb.dll
O2 - BHO: Class - {279FD406-3E66-6632-B92E-52FA0C47B825} - C:\WINDOWS\system32\addvo.dll
O2 - BHO: Class - {27E66E0E-10B1-AE94-6FA4-137B013EE875} - C:\WINDOWS\system32\sysub.dll
O2 - BHO: Class - {44B14A5D-EF05-8A73-645F-321A1D3DA204} - C:\WINDOWS\sdkqt32.dll
O2 - BHO: Class - {4CD058D5-624E-7C08-7E2E-A241EC81C5AE} - C:\WINDOWS\winqx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5C75B853-1EC1-B898-A739-BE09D60085E9} - C:\WINDOWS\system32\addnf32.dll
O2 - BHO: Class - {6BFC5BA7-FCB6-8F85-8198-1DE00B600B82} - C:\WINDOWS\sysoy32.dll
O2 - BHO: Class - {729C8736-0F18-3F7A-E5BB-A9B57E2CDBEC} - C:\WINDOWS\system32\appvr.dll
O2 - BHO: Class - {816A50DB-569D-3BB1-E768-24983B6F81CB} - C:\WINDOWS\system32\javarr32.dll
O2 - BHO: Class - {8D1F5508-6A6E-5EA4-B010-5E880FBC9119} - C:\WINDOWS\javagb.dll
O2 - BHO: Class - {8D86E46F-B9DE-ADD7-1BA7-60042DD50BAA} - C:\WINDOWS\adduo32.dll
O2 - BHO: Class - {8F990BB6-92DA-5618-847A-5DD4057B1ECE} - C:\WINDOWS\system32\msrd.dll
O2 - BHO: Class - {A2598A44-8F51-2796-2B61-432067DEDB33} - C:\WINDOWS\mskm32.dll
O2 - BHO: Class - {B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} - C:\WINDOWS\appna.dll
O2 - BHO: Class - {BB0899DA-43C2-1433-7B7D-EF0D5E117308} - C:\WINDOWS\system32\appus.dll
O2 - BHO: Class - {C49EE5EC-58A6-E279-05B8-E5C66D906219} - C:\WINDOWS\system32\appql.dll
O2 - BHO: Class - {D1C70DA7-92D8-58EF-D6F7-21194D484E37} - C:\WINDOWS\system32\appkp32.dll
O2 - BHO: Class - {D8484CF4-5494-E17B-9906-2092764D6C73} - C:\WINDOWS\system32\appsf.dll
O2 - BHO: Class - {E1545A56-DE0C-2E0C-EE11-ABB18D6F1A8E} - C:\WINDOWS\ntob32.dll
O2 - BHO: Class - {E43F4B40-E371-59B7-F4A8-FF87ADFCEAF4} - C:\WINDOWS\ieef32.dll
O2 - BHO: Class - {FB29FD22-44EE-499C-C5FF-ECF26EE29F07} - C:\WINDOWS\appdx32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [d3qs32.exe] C:\WINDOWS\d3qs32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: E-Mail.lnk = ?
O4 - Startup: Timesheet 2005.xls.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ture-KD34XBR960
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bridge.genoadesign.com
O17 - HKLM\Software\..\Telephony: DomainName = bridge.genoadesign.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bridge.genoadesign.com
O23 - Service: ARLLicenseServer - ARL - C:\Program Files\ShipConstructor2005\ARLLicenseServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


#2 Mike1901


Posted 07 September 2005 - 11:48 AM

I'll take a look :thumbsup:

#3 Newhook


Posted 08 September 2005 - 05:51 AM

Anyone get a chance to look at this??


Thanks a million



