Hjt Log File


  • This topic is locked
8 replies to this topic

#1 darkgohan

    New Member


Posted 11 November 2003 - 03:17 PM

Logfile of HijackThis v1.97.5
Scan saved at 1:11:50 PM, on 11/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ursr] C:\Documents and Settings\Administrator\Application Data\uidc.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host.digichat...s/Client_IE.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7365.2914583333
O16 - DPF: {9FC9C569-BBEE-491A-A57C-A5E3F048DA31} (Setup Object) - http://services.yumm...PlayerSetup.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 Daemon

    Retired Staff-Malware Expert


Posted 11 November 2003 - 03:41 PM

With only HJT running, have it fix:

O4 - HKCU\..\Run: [Ursr] C:\Documents and Settings\Administrator\Application Data\uidc.exe

reboot, find and delete:

C:\Documents and Settings\Administrator\Application Data\uidc.exe
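
The triage in the reply above, as an added example that is not part of the original post: it parses the registry-based O4 lines of a HijackThis log, flags autostart programs sitting directly in a user-writable directory, and checks a rescan log to confirm the fixed entry is gone. The directory heuristic and the function names are assumptions, not the helper's stated reasoning.

```python
import ntpath
import re

# Constructed sample: five of the O4 (autostart) lines from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ursr] C:\Documents and Settings\Administrator\Application Data\uidc.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
"""

# Registry autostart line: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Assumption (not stated in the thread): directories any user process can write to.
USER_WRITABLE_SUFFIXES = ("\\application data", "\\temp")


def target_of(command):
    """Return the program path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|com|bat))(?=[\s,]|$)", command, re.I)
    return m.group(1) if m else command


def parse_run_entries(log_text):
    """Parse registry-based O4 lines into dicts; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "target": target_of(command)})
    return entries


def flag_user_writable(log_text):
    """Autostart entries whose program sits directly in a user-writable directory."""
    return [e for e in parse_run_entries(log_text)
            if ntpath.dirname(e["target"]).lower().endswith(USER_WRITABLE_SUFFIXES)]


def autorun_remaining(rescan_log, value_name):
    """True if the named Run value still appears in a log taken after the fix."""
    return any(e["name"] == value_name for e in parse_run_entries(rescan_log))
```

Passing a log saved after the fix and reboot to `autorun_remaining` confirms the registry value is gone, independently of whether a file search finds anything.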

#3 darkgohan

Posted 11 November 2003 - 03:53 PM

Thank you. Can you tell me how to locate the C document you noted? I am not good with PCs. TIA

#4 Daemon

Posted 11 November 2003 - 04:15 PM

Sure, Start>Programs>Accessories>Windows Explorer then click 'search' for the file

#5 darkgohan

Posted 11 November 2003 - 05:41 PM

I really appreciate your help; I could not have done this on my own. When I did the search as described, nothing was found. Is there something I am missing, or...? The search found no results.

#6 Daemon

Posted 11 November 2003 - 06:10 PM

Looks like it was cleared - has your problem been resolved?

#7 darkgohan

Posted 11 November 2003 - 06:26 PM

Thank you, was not sure if it was gone or I had just not located it, and yes, I am pleased with this check up. Take care, my friend.

#8 Daemon

Posted 11 November 2003 - 06:56 PM

You're welcome - glad to help :D

#9 cnm

  • Visiting Fellow

Posted 11 November 2003 - 06:59 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending
Email to Zero or
Email to cnm or
Email to Coyote
Choose only one of the above
Include your post user name and detail why you need it reopened with a valid link to your post, any bad links or emails that are not from the original poster will be deleted without response.

Others please start a New Topic.
