hjt log help

Discussion in 'System Security & Infection Support' started by jabakuz, Mar 28, 2005.

  1. jabakuz

    jabakuz

    Joined:
    Mar 28, 2005
    Messages:
    2
    Likes Received:
    0
    Location:
    Australia
    Could somebody please check my log? Any help would be appreciated.

    Logfile of HijackThis v1.99.0
    Scan saved at 10:42:03 AM, on 28/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\VET\isafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\VET\VetMsg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\VET\VetTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\atioglxx.exe
    C:\WINDOWS\System32\avtapi97.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Anthony\Desktop\temp\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Anthony\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {76870A23-9677-59FB-CF21-20DE059A6ECA} - C:\DOCUME~1\Liz\APPLIC~1\CDROMS~1\Idoldefy.exe
    O2 - BHO: (no name) - {9114249C-F5E5-36A3-4480-169B869E0556} - (no file)
    O4 - HKLM\..\Run: [VetTray] C:\VET\VetTray.exe
    O4 - HKLM\..\Run: [48a523d8591b] C:\WINDOWS\System32\avtapi97.exe
    O4 - HKLM\..\Run: [manager trust web road] C:\Documents and Settings\All Users\Application Data\OOZEBIBMANAGERTRUST\ARMY GLOBAL.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\VET\isafe.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\VET\VetMsg.exe


    --------------------------------------------------------------------------

    I am also having trouble with a lop bar. If anyone knows how to remove it, PM me or reply to this post.
     
    Last edited: Mar 28, 2005
    jabakuz, Mar 28, 2005
    #1

  2. jabakuz

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Check these, click fix and reboot into Safe Mode. Run an updated version of AdAware while in Safe Mode to remove any nasties.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {76870A23-9677-59FB-CF21-20DE059A6ECA} - C:\DOCUME~1\Liz\APPLIC~1\CDROMS~1\Idoldefy.exe
    O2 - BHO: (no name) - {9114249C-F5E5-36A3-4480-169B869E0556} - (no file)
    O4 - HKLM\..\Run: [VetTray] C:\VET\VetTray.exe
    O4 - HKLM\..\Run: [48a523d8591b] C:\WINDOWS\System32\avtapi97.exe
    O4 - HKLM\..\Run: [manager trust web road] C:\Documents and Settings\All Users\Application Data\OOZEBIBMANAGERTRUST\ARMY GLOBAL.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\VET\isafe.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\VET\VetMsg.exe
     
    Fenis-Wolf, Mar 28, 2005
    #2

  3. jabakuz

    jabakuz

    Joined:
    Mar 28, 2005
    Messages:
    2
    Likes Received:
    0
    Location:
    Australia
    Thanks for the help.
     
    jabakuz, Mar 31, 2005
    #3