HijackThis file needs a look at...

BigJay - Kingsize Crunchie - Joined Sep 13, 2004 - Messages 615 - Reaction score 10
Hi folks,
Just got a call from a mate, convinced he has a 'trojan worm'.

Just managed to get him to download Hijackthis and he sent me the log.
Could the infinitely more enlightened out there have a look and let me know anything I need to?

He has "lots of problems" when trying to surf, but that is as much as I know for now.

Cheers in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:28:39 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dllprd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snobpornmovies.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\winlogon.exe
O2 - BHO: C:\WINDOWS\system32\zoPrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zoPrypt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKLM\..\Run: [AntiVerminser] C:\Program Files\AntiVerminser\AntiVerminser.exe /h
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20126\free.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [system] C:\Program Files\Common Files\system\lsass.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\cdrscimq3072.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {0EE24078-6503-1817-73AB-7F973D1CCB38} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {15779BD7-7E6A-561A-B631-5CCB78CBF6B4} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1A7881D3-6E9D-002C-61ED-0481204F95B2} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {4F0E9B32-8ADA-42E4-DA4E-5A5345806C5C} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {61D18F3B-F02B-2C08-1DDE-0BB376E59D33} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {7419A6B0-3AE4-5F9A-5AFF-57B6797ACFAA} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {762A10D2-7224-5B3E-65A7-183A30DDE73F} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1440.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1035C90-CBF4-426E-8956-DE4202FEC0A5}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mfebibnb.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi67811.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - C:\WINDOWS\system32\update13428241.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I have seen a couple of 'naughty' lines.
I can't wait to tell him that, but he will blame his kids, no doubt.
 
Yep ... it is infested up to the eyeballs, where to start. :rolleyes:

You is gonna need more than just HJT to "fix" this little bugger ... Trojans, dialers & a load of other crap.


The easy fix is ... Format it. :thumb:


Try "fixing" the following ...
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
O2 - BHO: C:\WINDOWS\system32\zoPrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zoPrypt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKLM\..\Run: [AntiVerminser] C:\Program Files\AntiVerminser\AntiVerminser.exe /h
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINDOWS\inet20126\free.exe
O4 - HKCU\..\Run: [system] C:\Program Files\Common Files\system\lsass.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\cdrscimq3072.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20126\winlogon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {0EE24078-6503-1817-73AB-7F973D1CCB38} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {15779BD7-7E6A-561A-B631-5CCB78CBF6B4} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {1A7881D3-6E9D-002C-61ED-0481204F95B2} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {4F0E9B32-8ADA-42E4-DA4E-5A5345806C5C} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {61D18F3B-F02B-2C08-1DDE-0BB376E59D33} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {7419A6B0-3AE4-5F9A-5AFF-57B6797ACFAA} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {762A10D2-7224-5B3E-65A7-183A30DDE73F} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1440.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1035C90-CBF4-426E-8956-DE4202FEC0A5}: NameServer = 195.92.195.95 195.92.195.94
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mfebibnb.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi67811.exe (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - C:\WINDOWS\system32\update13428241.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)


Well, that's a start ... this PC is a Zombie ... I highly recommend formatting it ... don't call me unless that is done.

Good luck!
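Mucks's list above is a hand triage of the log: he pulled out the lines where a core Windows binary name runs from the wrong place, anything living in Temp, ActiveX (O16) downloads from bare IP addresses, the Trusted Zone (O15) entry, the AppInit_DLLs (O20) hook, and services (O23) with no owner or no file. As an added example, not code from this thread or from HijackThis, here is a small Python script that applies those same judgement calls mechanically to HJT v1.99 log lines. The sample lines are copied from the first log in this thread, with known-good entries (NOD32, Toontown) kept in as controls; the rule set, the `SYSTEM_BINARIES` list and the reason texts are my own assumptions, not HJT's built-in analysis.

```python
"""Triage heuristics for HijackThis v1.99 log lines (added example; the rules
below are an assumption about what makes an entry suspicious, not HJT's own analysis)."""
import re
from dataclasses import dataclass, field

# Core Windows binaries that, on XP, live only in C:\WINDOWS\system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}

# First drive-rooted path on a line, ending at a program/library extension.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd)\b', re.I)
RAW_IP_URL_RE = re.compile(r'https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?/', re.I)
URL_RE = re.compile(r'https?://\S+', re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _check_path(path, reasons):
    """Flag system binary names outside the system directory and anything in Temp."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(f"'{name}' running from outside the system directory ({directory})")
    if "\\temp\\" in low:
        reasons.append("executable located in a Temp directory")


def triage_line(line):
    """Return the reasons one HJT log line deserves attention (empty list if none)."""
    reasons = []
    text = line.strip()
    if not text:
        return reasons
    m = re.match(r'^([ORF]\d+) - ', text)          # 'O4 - ...', 'R1 - ...', 'F3 - ...'
    section = m.group(1) if m else None            # bare paths come from "Running processes"

    for path in PATH_RE.findall(text):
        _check_path(path, reasons)

    if section == "O15":
        reasons.append("explicit Trusted Zone entry; IE relaxes security for this domain")
    elif section == "O16":
        url = URL_RE.search(text)
        if url and RAW_IP_URL_RE.match(url.group(0)):
            reasons.append("ActiveX (DPF) download from a raw IP address")
        if url and url.group(0).lower().endswith(".exe"):
            reasons.append("ActiveX (DPF) entry points straight at an .exe")
    elif section == "O20" and text.startswith("O20 - AppInit_DLLs:"):
        if text.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs loads this DLL into every process that uses user32.dll")
    elif section == "O23":
        if "Unknown owner" in text:
            reasons.append("service with no publisher (Unknown owner)")
        if "(file missing)" in text:
            reasons.append("service binary missing on disk (leftover registration)")
    return reasons


def triage(log_text):
    """Run triage_line over a whole log; keep only lines with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line.strip(), reasons))
    return findings


def flagged_lines(log_text):
    return [f.line for f in triage(log_text)]


# Sample input: lines copied from the first log posted in this thread, with
# known-good entries from the same log (NOD32, Toontown) kept as controls.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Eset\nod32krn.exe

O4 - HKCU\..\Run: [system] C:\Program Files\Common Files\system\lsass.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {0EE24078-6503-1817-73AB-7F973D1CCB38} - http://85.255.115.229/1/gdnFR1440.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.13/ttinst.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi67811.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Paste a full log into `SAMPLE_LOG` (or read it from a file) and the script prints each flagged line with its reasons; the legitimate `C:\WINDOWS\system32\winlogon.exe` passes while the copy in Temp is flagged twice, which is exactly the distinction the thread relies on. It is a first pass only: a path that is not on the list, or a service with a plausible owner, still needs the human look the replies here give it.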
 
Thanks Mucks!

Three sons in this house, 20, 18 and 14. So you can see the problem.

The PC is in a real mess, and it's full to overflowing, so a format would be good, but the owner is a complete noob, and I would have to do everything!

OK, so I will remove all these, in safe mode I presume. Then another HJT scan?
 
Use HijackThis to remove them by checking the boxes. A reboot will be required.
I see NOD32 as the virus scanner; is it current? If out of date and he has no
plans on paying to update it, then remove it, install AntiVir and let that rip.

If you are going to try and save the install, you will have a bit of work ahead of you. If there are multiple logons, you will need to disinfect each one.
Install Spybot Search and Destroy and let it clean up the assorted crap it finds,
then I would install Crap Cleaner and have it completely clean out ALL the temporary directories.

For the antivirus run, I would install, update, then reboot into safe mode, command prompt, then start AntiVir manually from the command prompt. Using a default install, the command will be:
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe

Now there are a bunch of nasties out there that reinstall themselves from hidden directories, also rootkits, and some common ones that remove a common DLL that a lot of anti-malware software uses.
You've got your hands full there; as Mucks said, it may be better to format c:
 
BigJay said:
Thanks Mucks!

Three sons in this house, 20, 18 and 14. So you can see the problem.

The PC is in a real mess, and it's full to overflowing, so a format would be good, but the owner is a complete noob, and I would have to do everything!

OK, so I will remove all these, in safe mode I presume. Then another HJT scan?

Their PC, their problem. Give them the information and offer advice. Let them clean it up. They'll learn some valuable lessons.
 
Abarbarian said:
Their PC, their problem. Give them the information and offer advice. Let them clean it up. They'll learn some valuable lessons.

If only.
The two eldest are away at uni Mon to Fri, and the 14 y.o. is only an occasional visitor. The man of the house, my mate, is useless at the PC. It took 3 one-hour sessions to teach him to turn it on.

It's going to cost him a lot of cider to sort this out.
 
OK guys, here is the new HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 6:41:46 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dllprd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snobpornmovies.com/ to v... Are you at least 18 years old
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: run=C:\WINDOWS\inet20126\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1035C90-CBF4-426E-8956-DE4202FEC0A5}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi67811.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ieupdate.exe (file missing)
O23 - Service: msupdatefs (Microsoft Updater FileSystem) - Unknown owner - C:\WINDOWS\system32\update13428241.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


How does this look now?

This PC is in a real mess!

I've found Smitfraud-C, mailbot, NAT, win32.Small.dp among many others. Not sure where to go from here to rescue the situation without a full format.

Can we save the day? Over to you lot.
 
It's still a mess, sad to say.

When you start HJT you'll get a choice. Choose 'save a logfile', then copy & paste the text here. Next, click 'analyze'. That'll show you what's bad.
 
zorrofox said:
It's still a mess, sad to say.

When you start HJT you'll get a choice. Choose 'save a logfile', then copy & paste the text here. Next, click 'analyze'. That'll show you what's bad.

Up to a point it is a fair analysis, but in this case there are some items marked as "safe" that I would not like to see on my PC. ;)
 
muckshifter said:
Up to a point it is a fair analysis, but in this case there are some items marked as "safe" that I would not like to see on my PC. ;)

I agree. Still, it's a place to start.
 