UID158.exe & Hijackthis trouble!

Discussion in 'Software Q&A' started by Mefistofeles, Oct 30, 2006.

  1. Mefistofeles

    Ever since yesterday, every time I switch on my computer, I get this message.

    http://img125.imageshack.us/img125/9692/20061030204733gx4.jpg

    I use Intel Pentium 4 .. 1.7 Ghz processor, 512 MB DDR RAM, an 80 GB HDD, onboard Intel 845 graphics and a soundcard from Creative that supports 5.1 speakers.

    I'm using legit versions of Windows XP SP2 Edition and the Office 2007 beta.

    Here is my Hijackthis report.

    *********
    Logfile of HijackThis v1.99.1
    Scan saved at 3:20:19 PM, on 10/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\mat3.exe
    C:\windows\system32\mat2.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    D:\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\windows\System32\HPZipm12.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\TEMP\EQF933.EXE
    C:\windows\system32\wscntfy.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Documents and Settings\Suraj Chandrakar\Desktop\Tombstone\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [PC Auto Shutdown] D:\PC Auto Shutdown\AutoShutdown.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
    O4 - HKLM\..\RunServices: [secures23] lup.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF02D878-0A2C-47B8-A95D-D3926C154163}: NameServer = 202.144.96.4,202.144.66.6
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
    O23 - Service: aDLCaE - Unknown owner - C:\windows\system32\mat3.exe
    O23 - Service: aDLCJDdsaE - Unknown owner - C:\windows\system32\mat2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ColdFusion MX 7 Application Server - Unknown owner - D:\CFusionMX7\runtime\bin\jrunsvc.exe (file missing)
    O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - D:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "D:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

    *********

    If you can, suggest what processes can be fixed from that report.
     
  2. kl_ravi

    Fix the bold entries ...
     
  3. anandk

    some infections there...copy-paste ur hijackthis log file at www.hijackthis.de and click analyze for details.
    generally speaking go in safe mode and scan ur pc with 1 good av (avast/avg) and 2 anti-spy (adaware + avg-anti-spyware)
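
A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts. The sample lines are copied from the log above; the function name `triage` and the four heuristics are assumptions of this example and only mark entries for a manual check.

```python
import re

# Lines copied from the HijackThis log posted above. The heuristics are
# assumptions of this example: they mark entries to look at, not verdicts.
SAMPLE_LOG = r"""
Running processes:
C:\windows\system32\services.exe
C:\WINDOWS\TEMP\EQF933.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PC Auto Shutdown] D:\PC Auto Shutdown\AutoShutdown.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O23 - Service: aDLCaE - Unknown owner - C:\windows\system32\mat3.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O23 - <body>"
AUTORUN = re.compile(r"^.*?: \[[^\]]*\] (.+)$")           # "<key>: [name] <command>"
SERVICE = re.compile(r"^Service: .+? - (.+?) - ([A-Za-z]:\\.+)$")  # owner, path
IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)

def triage(log_text):
    """Return (line, reason) pairs worth a manual check."""
    findings, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = ENTRY.match(line)
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # blank line ends the process list
        elif in_processes and not entry:
            if TEMP_DIR.search(line):
                findings.append((line, "process running from a temp directory"))
        elif entry:
            code, body = entry.groups()
            autorun = AUTORUN.match(body) if code == "O4" else None
            service = SERVICE.match(body) if code == "O23" else None
            if "(no file)" in body or "(file missing)" in body:
                findings.append((line, "entry points at a file that is not on disk"))
            elif autorun and "\\" not in autorun.group(1):
                findings.append((line, "autorun command has no directory path"))
            elif (service and service.group(1) == "Unknown owner"
                  and IN_SYSTEM32.match(service.group(2))):
                findings.append((line, "service with Unknown owner in system32"))
    return findings
```

Calling `triage()` on the full text of a saved log returns the flagged lines in log order, which gives a short list to look up before fixing anything in HijackThis.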
     
  4. Mefistofeles (OP)

    K I'll do that .. thanks for your help both of you :) I can't really uninstall my current antivirus (Trend Micro Office Scan) coz it comes as a package setup along with my Sify Broadband connection. If I uninstall it, the Sify Client setup refuses to connect and asks to install Trend Micro first, which is automatically downloaded from Sify's servers.

    I cannot eliminate Autoshutdown, that's a software I'm in regular need of.

    Anyways I'll get avast checks and scans by anti-adware and anti-spyware and post my hijackthis log again. Thanks for the link too :D
     
  5. anandk

    trendmicro is a GOOD av. no need to uninstall it. u r safe with it. scan in safe mode for best results.
     