Topic: Please have a look at this log file

rangefree69

  • Guest
Please have a look at this log file
« on: May 16, 2004, 12:29:49 PM »
Hi

Something weird is happening. There is a load of stuff in the startup when I run msconfig. I have run Ad-Aware and have removed plenty of items but am still having problems. Thinking that it may be something that is shown in this HijackThis log file.

Please help

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 2:55:05 PM, on 5/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\JSTSC.EXE
C:\WINDOWS\SYSTEM\NSTSCHI.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.theage.com.au/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=c:\windows\SYSTEM\cmmpu.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.theage.com.au"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dqz1xf5h.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dqz1xf5h.slt\prefs.js)
O2 - BHO: (no name) - {E5B2AA55-D394-4d51-BD6D-5D03385AF186} - C:\WINDOWS\SYSTEM\TH796E0SKSJH.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [bpcpost.exe] c:\windows\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AustraliaLove] c:\program files\dialers\australialove\australialove.exe /noconnect
O4 - HKLM\..\Run: [MixThis] C:\PROGRA~1\ROAMBA~1\Ping Mail.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [cctresa] C:\WINDOWS\SYSTEM\cctresa.exe
O4 - HKLM\..\Run: [ICODEUN] C:\WINDOWS\SYSTEM\ICODEUN.exe
O4 - HKLM\..\Run: [tlA] C:\WINDOWS\SYSTEM\tlA.exe
O4 - HKLM\..\Run: [SSIGN32M] C:\WINDOWS\SYSTEM\SSIGN32M.exe
O4 - HKLM\..\Run: [JSTSC] C:\WINDOWS\SYSTEM\JSTSC.exe
O4 - HKLM\..\Run: [NSTSCHI] C:\WINDOWS\SYSTEM\NSTSCHI.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Symantec Shared\sevinst.exe


shgoh

  • Guest
Re:Please have a look at this log file
« Reply #1 on: May 16, 2004, 12:54:49 PM »
I'm not very sure... but then I found these entries unhealthy

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [AustraliaLove] c:\program files\dialers\australialove\australialove.exe /noconnect
O4 - HKLM\..\Run: [MixThis] C:\PROGRA~1\ROAMBA~1\Ping Mail.exe



Have you tried running Spybot?

http://spybot.safer-networking.de/
« Last Edit: May 16, 2004, 12:56:14 PM by shgoh »

rangefree69

  • Guest
Re:Please have a look at this log file
« Reply #2 on: May 17, 2004, 08:10:21 AM »
Thanks

I am also a little worried about:

O4 - HKLM\..\Run: [bpcpost.exe] c:\windows\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [cctresa] C:\WINDOWS\SYSTEM\cctresa.exe
O4 - HKLM\..\Run: [ICODEUN] C:\WINDOWS\SYSTEM\ICODEUN.exe
O4 - HKLM\..\Run: [tlA] C:\WINDOWS\SYSTEM\tlA.exe
O4 - HKLM\..\Run: [SSIGN32M] C:\WINDOWS\SYSTEM\SSIGN32M.exe
O4 - HKLM\..\Run: [JSTSC] C:\WINDOWS\SYSTEM\JSTSC.exe
O4 - HKLM\..\Run: [NSTSCHI] C:\WINDOWS\SYSTEM\NSTSCHI.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Symantec Shared\sevinst.exe

Can anyone help with what these files are? Why is sevinst.exe (a Symantec file) associated with Adobe Gamma Loader?

Oh I wish I knew this stuff.

Can anyone help please
Thanks
RF69

CoJo

  • Guest
Re:Please have a look at this log file
« Reply #3 on: May 17, 2004, 11:42:53 PM »
Hello... :)

http://computercops.biz/HijackThis.html

I use this to help me with my Hijack log...hope it helps you, too ;)

cojo
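
An added example, not part of the original thread and not code from HijackThis or the linked site: a small Python triage of the autostart lines (O4 and F1) in a log like the one posted above. It notes which autostart images were running at scan time and flags a Startup shortcut whose name names one executable while its target is another, the mismatch asked about in Reply #2; the function name `triage` and the regexes are assumptions, and the notes are observations, not verdicts.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\JSTSC.EXE

F1 - win.ini: run=c:\windows\SYSTEM\cmmpu.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [JSTSC] C:\WINDOWS\SYSTEM\JSTSC.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Symantec Shared\sevinst.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Autostart shapes seen in this log: registry Run keys, Startup folder, win.ini run=
AUTOSTART = [
    re.compile(r"^(?P<src>HK\w+\\\.\.\\\w+): \[(?P<label>.*?)\] (?P<cmd>.+)$"),
    re.compile(r"^(?P<src>(?:Global )?Startup): (?P<label>.+?) = (?P<cmd>.+)$"),
    re.compile(r"^(?P<src>win\.ini): (?P<label>run|load)=(?P<cmd>.+)$"),
]
# First executable image in a command line (paths may contain unquoted spaces)
IMAGE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr))(?=["\s,]|$)', re.I)

def triage(log_text):
    """Return one dict per autostart entry, with observations (not verdicts)."""
    running, rows, in_procs = set(), [], False
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            if in_procs and re.match(r"^[A-Za-z]:\\", line):
                running.add(ntpath.basename(line).lower())
            in_procs = in_procs or line == "Running processes:"
            continue
        in_procs = False
        hit = next(filter(None, (p.match(m.group(2)) for p in AUTOSTART)), None)
        if m.group(1) not in ("O4", "F0", "F1") or not hit:
            continue
        img = IMAGE.match(hit["cmd"])
        exe = ntpath.basename(img.group(1)).lower() if img else ""
        notes = ["running at scan time"] if exe in running else []
        label = hit["label"]
        # A shortcut called "X.exe.lnk" is expected to launch X.exe
        named = label[:-4].lower() if label.lower().endswith(".exe.lnk") else ""
        if named and named != exe:
            notes.append(f"shortcut named {named!r} launches {exe!r}")
        rows.append({"code": m.group(1), "source": hit["src"], "label": label, "exe": exe, "notes": notes})
    return rows
```
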