hijack this log-anyone to help please?

  wots it all about 14:11 30 May 05
Locked

Part one
Logfile of HijackThis v1.99.0
Scan saved at 13:52:10, on 30/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\5ac69tq9.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = click here*click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here*click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {11AE6604-818C-5674-D543-A5DD292CDB2A} - C:\WINDOWS\system32\nettc32.dll
O2 - BHO: (no name) - {251F1678-C6A5-89D9-D60F-44823539572A} - (no file)
O2 - BHO: (no name) - {36981703-1485-0313-13DD-7B92DCE8CA3E} - C:\WINDOWS\iebk32.dll
O2 - BHO: (no name) - {67C3D253-86E0-3455-99E5-3DD535E435E7} - C:\WINDOWS\ieon32.dll
O2 - BHO: (no name) - {976DFA7F-2E21-F47E-C5BB-B6C988EE98A5} - C:\WINDOWS\system32\iewb.dll
O2 - BHO: (no name) - {97AB2DB6-2797-5E66-F69B-1C10B62342C2} - C:\WINDOWS\mfczv32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F9AD27F1-50B4-A52F-10E5-9CAEB34A9715} - C:\WINDOWS\system32\atlcc32.dll

  wots it all about 14:21 30 May 05

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Grid Axis Global Free] C:\Documents and Settings\All Users\Application Data\Debug Dvd Grid Axis\corn log.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [5ac69tq9] C:\WINDOWS\System32\5ac69tq9.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Windows.hta
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: BT - {9B4FA52B-1B82-41A4-A632-738F65490A0D} - click here (file missing) (HKCU)
O9 - Extra button: Homepage - {D8C37BFB-10B1-4C22-8624-44CA2FCD5AF5} - click here (file missing) (HKCU)

  wots it all about 14:22 30 May 05

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - click here
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - click here
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - click here
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - click here
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - click here
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - click here
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} - click here
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - click here
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAE70A6-1031-4E12-AC57-14F22A028D27}: NameServer = 194.72.9.38 194.74.65.87
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\syspd32.exe (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe
O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O23 - Service: Windows Update Service - Unknown - C:\WINDOWS\System32\wuamgrd.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  stalion 14:23 30 May 05

Hijack this log's now need to be posted here
click here
Regards

  Completealias 14:33 30 May 05

In this months pc advisor there is this

"you can now submit your hijack this log to an online analyser at click here they will send you back a formatted report telling you whats safe etc "

  Fruit Bat /\0/\ 14:43 30 May 05

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -click here
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - click here

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -click here

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - click here

O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} -click here

With my limited knowledge these are definately nasty and should be fixed.

  Fruit Bat /\0/\ 15:00 30 May 05

Unfortunately the robotic anlysis is suspect and may get you to delete unnecessary items please use the link posted by stallion.

Your problems have been caused to some extent by messenger plus

  Completealias 15:13 30 May 05

Yes so it seems have just run through a logfile from my pc and it threw up a file to do with msn toolbar as dodgy and told me parts of avast were unnesscary ie the email scanner!

  pj123 16:04 30 May 05

Have a read through this thread.

click here

  Completealias 20:33 30 May 05

after reading the thread as posted by pj123 please ignore my link to the online analyser it seems like this isn't such a good thing after all

  Nellie2 21:55 30 May 05

I've had a quick scan over your log and you do have a few problems there, Lop and Huntbar amongst them.

It would be a good idea to post your hijack log at the link given by stalion, you could try this Huntbar removal tool before you do if you like

click here

And delete the version of hijack this that you have and update to version 1.99.1 available click here before you do post your log.

Good luck!

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

Best Christmas Agency Projects of 2016

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…