home hardware prices news articles forums photos user reviews
Go Back   Tech Support Forums - TechIMO.com > PC Hardware and Tech > Technical Support
Ask a Tech Support Question (free)!

Another HiJackThis log

Reply
Get bargains at  »  Dealighted.com
 
Thread Tools Search this Thread
Currently Active Users: 1558
Discussions: 200,903, Posts: 2,378,877, Members: 246,272
Old October 7th, 2004, 06:35 PM   Digg it!   #1 (permalink)
Member
 
Join Date: Jun 2004
Location: London, England
Posts: 75
Another HiJackThis log Update: can't get into windows, asking for a forgotten passwor

Think a virus is in, t'was detected by AVG but can't find it on a scan, anything weird?:

Logfile of HijackThis v1.97.7
Scan saved at 22:39:31, on 07/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LeechGet 2004\LeechGet.exe
C:\WINNT\system32\CAPRPCSK.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\WINNT\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.E XE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAPPSWK.E XE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.TAN\My Documents\HiJackTHis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 194.117.133.54:8080
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAPON] C:\WINNT\System32\Spool\Drivers\w32x86\3\CAPONN.EX E
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2004\LeechGet.exe" -intray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINNT\SYSTEM32\spool\drivers\w32x86\3\CAPPSWK.E XE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct0_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticA...bs/1764015.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...271ab95b94951b
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5CA42785-ABC3-11D2-9F81-00104B2225C5} (Immersion Web ActiveX Control) - http://www.immersion.com/plugins/ImmWeb.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://geotoo.mkm-wpe.net/activex/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...616.1832407407
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/ang...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - http://www.shockwave.com/content/com...c/CMonline.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homepc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homepc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = homepc
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = homepc

Last edited by willthegrinder : October 10th, 2004 at 02:51 PM. Reason: More problems
willthegrinder is offline   Reply With Quote
Old October 8th, 2004, 01:33 PM     #2 (permalink)
Member
 
Join Date: Jun 2004
Location: London, England
Posts: 75
any help???
willthegrinder is offline   Reply With Quote
Old October 8th, 2004, 02:19 PM     #3 (permalink)
I do Ouchy-Bleedy.
 
no1_vern's Avatar
 
Join Date: Apr 2002
Location: Albany, Ga.
Posts: 10,636
Hi will,
The only thing that jumps out at me is the program leechget.exe.

I suggest you use another AV scanner try:
http://www.pandasoftware.com/actives..._principal.htm

AND:

http://housecall.trendmicro.com/hous...start_corp.asp

Use them both. If neither find anything you are clean and can look for something else.
__________________
They say technology slows down for no one. I know it outruns my wallet. I figure its because my wallet isn't light enough yet.
no1_vern is online now   Reply With Quote
Old October 8th, 2004, 02:27 PM     #4 (permalink)
Ultimate Member
 
DanGrease's Avatar
 
Join Date: Aug 2003
Posts: 2,721
LeechGet is a freeware download managing program.
Its nothing malicious, so don't worry about that file.

-- Dan
DanGrease is offline   Reply With Quote
Old October 8th, 2004, 04:25 PM     #5 (permalink)
I do Ouchy-Bleedy.
 
no1_vern's Avatar
 
Join Date: Apr 2002
Location: Albany, Ga.
Posts: 10,636
Didnt know that Dan, thank for the info.
no1_vern is online now   Reply With Quote
Old October 10th, 2004, 02:33 PM     #6 (permalink)
Member
 
Join Date: Jun 2004
Location: London, England
Posts: 75
$$$

Woah, the computer is now totally screwed up.

Someone set it up for us originally, so that the password was typed n automatically when windows starts. We don't know the password.

now, windows starts and it comes up with a box telling me to press CTRL ALT DELETE to log in, then I have to put in the password, pressing cancel just brings me back to the thing saying press CTRL ALT DELETE

ive tried taking the password jumper off, but it didnt seem to work, ive tried putting it on one pin etc...

Now when the computer starts the black screen with white writing used to like say Alert cover was previously removed and more stuff then goto the black and white loading windows thing with the
|||||||||||||||||||||||||| type loading bar

now it just is:

_


and thats it (an underscore in the top left hand corner)
then it goes to the |||| loading bar


I'm thinking maybe giant anti spyware or something, an anti spyware program i recently installed is causing the ctrl alt delete box


Any ideas of whats going on/solution?

Last edited by willthegrinder : October 10th, 2004 at 02:49 PM. Reason: extra information
willthegrinder is offline   Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help w/ my Hijack This log BassFace Technical Support 9 August 9th, 2004 05:54 PM
Altnet.... Hickjack IE Gyurza Security and Privacy Issues 6 August 3rd, 2004 11:09 PM
Spyware on computer? Pete1 Networking and Internet 7 August 3rd, 2004 10:59 AM
Boss's computer infected, help me oh god :( Descent Security and Privacy Issues 8 July 9th, 2004 03:11 PM
PLEASE HELP ME laase12 Technical Support 12 June 30th, 2004 12:44 PM


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Most Active Discussions
Is It Just Me? (2799)
Is the PSU I received dead? (10)
Install XP pro and a Vista laptop ?.. (7)
California Passes Anti-Flat-HDTV Le.. (38)
A good PSU? (10)
Fox uses old news clips to inflate .. (33)
Foreign voltage (5)
New Computer wont recognize XP disc (7)
HIS HD5770 graphic card question (11)
Dept. of HS: NSA 'Helped' Develop V.. (12)
Print spooler problem (5)
EVGA 9800 gtx help with finding a g.. (6)
Ideal cheap graph card for PC-Gamin.. (13)
Mysterious Boot manager (9)
Recent Discussions
HIS HD5770 graphic card question (11)
Need hard disk drivers (3)
Cloning old drive to new drive (6)
Asus P4G8X Mobo (0)
Amptron monitor G17FP-Black (0)
windows vista security holes (0)
EVGA 9800 gtx help with finding a goo.. (6)
A good PSU? (10)
Install XP pro and a Vista laptop ?? (7)
Is the PSU I received dead? (10)
Ideal cheap graph card for PC-Gaming? (13)
HP Pavillion Laptop ze4220 won't turn.. (7)
Dept. of HS: NSA 'Helped' Develop Vis.. (12)
Foreign voltage (5)
Convert 5 pin Keyboard to USB (11)
Print spooler problem (5)
hybernate option (2)
Steam ID's, Gamertags etc... (1)
New Computer wont recognize XP disc (7)
World's largest Monopoly Game using G.. (328)
Modern Warfare 2: Who Bought It? (60)
[F@H SPAM 11/16/09] ! 1/2 months to r.. (28)
blender help (2)
Hard drive freezes boot (1)
Mysterious Boot manager (9)


All times are GMT -4. The time now is 02:25 AM.
TechIMO Copyright 2009 All Enthusiast, Inc.



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28